Red Hat Bugzilla – Bug 1252276
CVE-2015-4475 Mozilla: Out-of-bounds read with malformed MP3 file (MFSA 2015-80)
Last modified: 2016-01-22 08:36:27 EST
Security researcher Aki Helin used the Address Sanitizer tool to discover an out-of-bounds read during playback of a malformed MP3 format audio file which switches sample formats. This could trigger a potentially exploitable crash or the reading of out-of-bounds memory content in some circumstances.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7
Via RHSA-2015:1586 https://rhn.redhat.com/errata/RHSA-2015-1586.html