Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android prior to 5.1.1 LMY48I allows remote malicious users to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android |