CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.

Product Status

Learn more

Information not provided

References 2 Total

https://android.googlesource.com/platform/frameworks/av/+/e248db02fbab2ee9162940bc19f087fd7d96cb9d
external site
http://source.android.com/security/bulletin/2016-07-01.html
external site

Updated: 2024-08-05

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://android.googlesource.com/platform/frameworks/av/+/e248db02fbab2ee9162940bc19f087fd7d96cb9d
external site
x_transferred
http://source.android.com/security/bulletin/2016-07-01.html
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Android (associated with Google Inc. or Open Handset Alliance)

Description

Product Status

References 2 Total

CVE Program

References 2 Total