Mozilla Foundation Security Advisory 2016-65

Cairo rendering crash due to memory allocation issue with FFmpeg 0.10

Announced: August 2, 2016
Reporter: Bert Massop
Impact: Moderate
Products: Firefox, Firefox ESR
Fixed in:
  • Firefox 48
  • Firefox ESR 45.3

Description

Security researcher Bert Massop reported a crash in the Cairo graphics layer on Linux systems using the LibAV library included in version 0.10 of the FFmpeg library. The crash was caused by an error in allocating the LibAV header while decoding some videos.

This issue only affects systems running the Linux operating system that also have FFmpeg version 0.10 installed. It does not affect OS X or Windows systems.
