Buffer overflow parsing H.264 video with Linux GStreamer
- May 12, 2015
- Aki Helin
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
  - Firefox 38
  - Firefox ESR 31.7
  - SeaMonkey 2.35
  - Thunderbird 31.7
  - Thunderbird 38.0.1
Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow during video playback on Linux systems. The overflow was due to a problem in older versions of the GStreamer plugin when parsing H.264-formatted video. This issue could be used to induce a possibly exploitable crash.
This issue does not affect the current 1.0 version of GStreamer, and it does not affect Windows or OS X systems.