Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- December 15, 2015
- Gerald Squelart
- Firefox, Firefox ESR
- Fixed in
- Firefox 43
- Firefox ESR 38.5
Mozilla developer Gerald Squelart fixed an integer underflow in the libstagefright library initially reported by Joshua Drake to Google. The issues occurred in MP4 format video file while parsing cover metadata, leading to a buffer overflow. This results in a potentially exploitable crash and can be triggered by a malformed MP4 file served by web content.
In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.