There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime This bug can be reached if a user accepts a call from a malicious peer
The issue can be reproduced using the attached sequence of RTP packets To reproduce the issue:
1) Build video-replayc attached (gcc -g -dynamiclib -o mylib video-replay ...