Security researcher Khalil Zhani reported that a maliciously crafted VP9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library.

Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=1192226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506

External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/

Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Khalil Zhani as the original reporter.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:1834 https://rhn.redhat.com/errata/RHSA-2015-1834.html