AddVorbisCodecInfo Function in Matroska/MatroskaExtractor.cpp in Libstagefright Vulnerability (CVE-2015-3861)
Schweregrad:: Mittel
CVE Kennungen:: CVE-2015-3861
Hinweisdatum: 06 April 2016
Beschreibung
This vulnerability pertains to the multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M. When exploited successfully, it could allow remote attackers denial of service (DoS).
Trend Micro researcher Wish Wu disclosed details about this vulnerability to Google. The said company acknowledged Wu’s research contribution.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.