WebRTC and LibVPX vulnerabilities found through code inspection
- March 8, 2016
- Ronald Crane
- Fixed in: Firefox 45
Security researcher Ronald Crane reported five "moderate" rated vulnerabilities affecting released code that were found through code inspection. These included the following issues in WebRTC: an integer underflow, a missing status check, a race condition, and the use of deleted pointers to create a new object. A race condition in LibVPX was also identified. Not all of these have a clear mechanism for exploitation through web content, but the code is vulnerable if a mechanism can be found to trigger them.
This issue only affects Windows systems. Linux, OS X, and Android systems are unaffected.
- Underflow in srtp_unprotect could cause memory-safety bug (CVE-2016-1970)
- Missing status check in I420VideoFrame::CreateFrame creates memory-safety bug (CVE-2016-1971)
- Potential race conditions around block-level statics cause memory-safety bugs (CVE-2016-1975)
- DesktopDisplayDevice::operator= uses members after delete on self-assignment (CVE-2016-1976)
- Race condition in |once| can cause use after free (CVE-2016-1972)
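
The self-assignment defect class named in the CVE-2016-1976 item above, as an added C++ example that is not the WebRTC source. `UnsafeLabel`, `SafeLabel` and `dup_cstr` are hypothetical names; the hardened class copies before it releases anything, so `x = x` never reads freed memory.

```cpp
#include <cstring>
#include <utility>

// Constructed helper: returns a heap copy of a C string.
static char* dup_cstr(const char* s) {
  char* p = new char[std::strlen(s) + 1];
  std::strcpy(p, s);
  return p;
}

// Hypothetical class showing the defect pattern; never self-assign it.
class UnsafeLabel {
 public:
  explicit UnsafeLabel(const char* s) : buf_(dup_cstr(s)) {}
  UnsafeLabel(const UnsafeLabel& o) : buf_(dup_cstr(o.buf_)) {}
  ~UnsafeLabel() { delete[] buf_; }
  UnsafeLabel& operator=(const UnsafeLabel& other) {
    delete[] buf_;                // releases the old buffer first...
    buf_ = dup_cstr(other.buf_);  // ...then reads other.buf_, already freed if &other == this
    return *this;
  }
  const char* get() const { return buf_; }
 private:
  char* buf_;
};

// Hardened form: copy first, then swap. Correct even when &other == this.
class SafeLabel {
 public:
  explicit SafeLabel(const char* s) : buf_(dup_cstr(s)) {}
  SafeLabel(const SafeLabel& o) : buf_(dup_cstr(o.buf_)) {}
  ~SafeLabel() { delete[] buf_; }
  SafeLabel& operator=(const SafeLabel& other) {
    SafeLabel tmp(other);       // allocate and copy while both objects are intact
    std::swap(buf_, tmp.buf_);  // tmp's destructor releases the old buffer
    return *this;
  }
  const char* get() const { return buf_; }
 private:
  char* buf_;
};

// Returns true if a SafeLabel keeps its value across self-assignment.
bool self_assign_keeps_value() {
  SafeLabel a("screen-0");      // constructed sample value
  SafeLabel& alias = a;         // alias keeps compilers from flagging `a = a`
  a = alias;
  return std::strcmp(a.get(), "screen-0") == 0;
}
```

Building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and self-assigning it in a unit test is one way to catch this pattern before release.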