CVE-2016-0836

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-04-01

Description The issue is caused by a stack-based buffer overflow in the decoder/impeg2d vld.c function of the mediaserver component. This allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file.

Recommendations For Android versions prior to 2016-04-01, update the system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider restricting the use of the mediaserver component to minimize the risk of exploitation. Avoid using the decoder/impeg2d vld.c function until the issue is resolved.