Published: 07/02/2016 Updated: 10/03/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

libstagefright in mediaserver in Android 4.x prior to 4.4.4, 5.x prior to 5.1.1 LMY49G, and 6.x prior to 2016-02-01 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

google android 6.0.1

google android 4.3.1

google android 4.3

google android 4.2.2

google android 4.2.1

google android 5.0.2

google android 5.0.1

google android 5.0

google android 4.4.4

google android 4.0.3

google android 4.0.2

google android 4.0.1

google android 4.0

google android 5.1.1

google android 5.1

google android 4.4.3

google android 4.4.1

google android 4.1.2

google android 4.0.4

google android 6.0

google android 5.1.0

google android 4.4.2

google android 4.4

google android 4.2

google android 4.1

Vendor Advisories

We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process The Nexus firmware images have also been released to the Google Developer site Builds LMY49G or later and Android M with Security Patch Level of February 1, 2016 or later address these issues R ...

Recent Articles

Critical Wi-Fi Flaw Patched on Android
Threatpost • Michael Mimoso • 01 Feb 2016

Google today patched Nexus devices in an over-the-air update against a critical vulnerability that could be exploited by an attacker on the same Wi-Fi network.
The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The patches were pushed out in builds LMY49G or later to Nexus devices and shared on Jan. 4 with carrier and manufacturer partners. The fixes are expected to be released to the Android Open Source Projec...