Integer underflows in ESDS::parseESDescriptor function in libstagefright in Android before 5.1.1 LMY48I

Integer underflows in ESDS::parseESDescriptor function in libstagefright in Android before 5.1.1 LMY48I

CVE-2015-1539 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.

Learn more about our Cis Benchmark Audit For Google Android.