libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
RCE
Google
Android
NVD
CVSS 2.0
9.3
EPSS
7.2%
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
RCE
Google
Android
NVD
CVSS 2.0
9.3
EPSS
2.8%