Android stagefright ih264d_read_mmco_commands libavc heap overflow
CENSUS ID: CENSUS-2016-0004
CVE ID: CVE-2016-0842
Android ID: 25818142
Affected Products: Android OS 6.0–6.0.1
Class: Out-of-bounds Write (CWE-787)
Discovered by: Anestis Bechtsoudis
Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.
Android stagefright libavc ih264d_decode heap overflow
CENSUS ID: CENSUS-2016-0003
CVE ID: CVE-2016-0816
Android ID: 25928803
Affected Products: Android OS 6.0–6.0.1
Class: Out-of-bounds Write (CWE-787)
Discovered by: Anestis Bechtsoudis
Android stagefright libmpeg2 impeg2d_dec_user_data heap overflow
CENSUS ID: CENSUS-2016-0008
CVE ID: CVE-2016-0824
Android ID: 25765591
Affected Products: Android OS 6.0–6.0.1
Class: Out-of-bounds Read (CWE-125)
Discovered by: Anestis Bechtsoudis
The road to efficient Android fuzzing
In the aftermath of the recent Android Stagefright vulnerabilities, efficient fuzz testing techniques and tools for the Android ecosystem are again in the spotlight. In this post we would like to share some of the fuzz testing experience we have gained through our projects and show how it can be applied in the Android world. Additionally, we'll list some of the public contributions we've made to open source tools, aiming to help the community focus more on the target and less on the tooling.