Comment by testdelacc1

The implication being that if the attacker could also craft a malicious payload that would cause a buffer overflow, they could chain the exploits to get remote code execution on the client.

While anyone can perform the attack described in the bug, it takes a very sophisticated attacker to craft the payload that can exploit Android’s media library.