Android mediaserver Remote Code Execution Vulnerability (CVE-2015-6636)
Android mediaserver Remote Code Execution Vulnerability (CVE-2015-6636)
Release date:
Updated on:
Affected Systems:
Android <5.1.1 LMY49F
Android 6.0 (<)
Description:
CVE (CAN) ID: CVE-2015-6636
Android is a mobile phone operating system based on the Linux open kernel.
In Android 5.1.1 and LMY49F versions 5.x and earlier than 6.0, mediaserver has a security vulnerability. By constructing a media file, remote attackers can exploit this vulnerability to execute arbitrary code or cause DoS (Memory Corruption ).
<* Source: Abhishek Arya
Martin Barbella
Oliver Chang
*>
Suggestion:
Vendor patch:
Android
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://source.android.com/security/bulletin/2016-01-01.html
This article permanently updates the link address: