Mozilla Foundation Security Advisory 2015-55

Buffer overflow and out-of-bounds read while parsing MP4 video metadata

Announced
May 12, 2015
Reporter
laf.intel
Impact
High
Products
Firefox, Firefox OS, SeaMonkey
Fixed in
  • Firefox 38
  • Firefox OS 2.2
  • SeaMonkey 2.35

Description

Security researcher laf.intel reported a buffer overflow and out-of-bounds read in the libstagefright library while parsing invalid metadata in MPEG4 video files. This can lead to a potentially exploitable crash.

References