The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x prior to 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.5.2 |
||
mozilla firefox 3.5.3 |
||
mozilla firefox 3.5.1 |