Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox prior to 40.0 and Firefox ESR 38.x prior to 38.2 allows remote malicious users to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle solaris 11.3 |
||
mozilla firefox esr 38.1.0 |
||
mozilla firefox |
||
mozilla firefox esr 38.0.1 |
||
mozilla firefox esr 38.0.5 |
||
mozilla firefox esr 38.0 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.04 |
||
opensuse opensuse 13.2 |
||
canonical ubuntu linux 12.04 |
||
opensuse opensuse 13.1 |