Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-0813

Source

Mozilla Foundation Security Advisory 2015-31

Use-after-free when using the Fluendo MP3 GStreamer plugin

Announced

March 31, 2015

Reporter

Aki Helin

Impact

Critical

Products

Firefox, Firefox ESR, SeaMonkey, Thunderbird

Fixed in

Firefox 37
Firefox ESR 31.6
SeaMonkey 2.35
Thunderbird 31.6

Description

Security researcher Aki Helin reported a use-after-free when playing certain MP3 format audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. This can lead to a potentially exploitable crash.

This flaw only affects Linux installations. Windows and OS X users are unaffected by it.

References

heap-use-after-free at AppendElements (CVE-2015-0813)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Use-after-free when using the Fluendo MP3 GStreamer plugin

Use-after-free when using the Fluendo MP3 GStreamer plugin

Description

References

Vulmon Search

About

Products

Connect