Mozilla Foundation Security Advisory 2016-44

Buffer overflow in libstagefright with CENC offsets

Announced: April 26, 2016
Reporter: Sascha Just
Impact: High
Products: Firefox, Firefox ESR
Fixed in:
  • Firefox 46
  • Firefox ESR 38.8
  • Firefox ESR 45.1

Description

Using Address Sanitizer, security researcher Sascha Just reported a buffer overflow in the libstagefright library due to issues with the handling of CENC offsets and the sizes table. This results in a potentially exploitable crash triggerable through web content.
