libutils in Android prior to 5.1.1 LMY48X and 6.0 prior to 2015-11-01 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android |
Privilege escalation and remote code execution feature in fourth droid patch run.
Google has patched two critical remote code execution vulnerabilities as part of a suite of seven fixes in its fourth round of Android patching since August. The over-the-air updates set to hit Nexus, Samsung, and Android Open Source Project (AOSP) devices first for Google's latest Marshmallow Android operating system. Google informed "partners" on 5 October and patch source code is set to hit the AOSP soon. Two flaws rated critical include libutils (CVE-2015-6609) and mediaserver (CVE-2015-6608...