cpe:/o:google:android:4.0 cpe:/o:google:android:4.0.1 cpe:/o:google:android:4.0.2 cpe:/o:google:android:4.0.3 cpe:/o:google:android:4.0.4 cpe:/o:google:android:4.1 cpe:/o:google:android:4.1.2 cpe:/o:google:android:4.2 cpe:/o:google:android:4.2.1 cpe:/o:google:android:4.2.2 cpe:/o:google:android:4.3 cpe:/o:google:android:4.3.1 cpe:/o:google:android:4.4 cpe:/o:google:android:4.4.1 cpe:/o:google:android:4.4.2 cpe:/o:google:android:4.4.3 cpe:/o:google:android:4.4.4 cpe:/o:google:android:5.0 cpe:/o:google:android:5.0.1 cpe:/o:google:android:5.0.2 cpe:/o:google:android:5.1 cpe:/o:google:android:5.1.0 cpe:/o:google:android:5.1.1 cpe:/o:google:android:6.0 cpe:/o:google:android:6.0.1 CVE-2016-0803 2016-02-06T20:59:02.067-05:00 2016-03-09T20:22:10.017-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2016-03-04T14:10:48.100-05:00 CONFIRM http://source.android.com/security/bulletin/2016-02-01.html CONFIRM https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7 libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.