The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Google
Information Disclosure
Android
NVD
CVSS 2.0
2.6
EPSS
0.2%