Mozilla Foundation Security Advisory 2015-17

Buffer overflow in libstagefright during MP4 video playback

Announced
February 24, 2015
Reporter
Pantrombka
Impact
Critical
Products
Firefox, Firefox OS, SeaMonkey
Fixed in
  • Firefox 36
  • Firefox OS 2.2
  • SeaMonkey 2.33

Description

Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video playback when certain invalid MP4 video files led to the allocation of a buffer that was too small for the content. This led to a potentially exploitable crash.

References