Heap-based buffer overflow in BnHDCP::onTransact function in Android before 5.1.1 LMY48I

Heap-based buffer overflow in BnHDCP::onTransact function in Android before 5.1.1 LMY48I

CVE-2015-3834 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489.

Learn more about our Cis Benchmark Audit For Google Android.