Bug 1291597 (CVE-2015-7222) - CVE-2015-7222 Mozilla: Integer underflow and buffer overflow processing MP4 metadata in libstagefright (MFSA 2015-147)
Summary: CVE-2015-7222 Mozilla: Integer underflow and buffer overflow processing MP4 m...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-7222
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1290704
TreeView+ depends on / blocked
 
Reported: 2015-12-15 08:59 UTC by Huzaifa S. Sidhpurwala
Modified: 2023-05-12 11:31 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-01-04 06:25:27 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2657 0 normal SHIPPED_LIVE Critical: firefox security update 2015-12-16 23:20:40 UTC

Description Huzaifa S. Sidhpurwala 2015-12-15 08:59:55 UTC 
Mozilla developer Gerald Squelart fixed an integer underflow in the libstagefright library initially reported by Joshua Drake to Google. The issues occurred in MP4 format video file while parsing cover metadata, leading to a buffer overflow. This results in a potentially exploitable crash and can be triggered by a malformed MP4 file served by web content. 


External Reference:

https://www.mozilla.org/security/announce/2015/mfsa2015-147.html


Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gerald Squelart as the original reporter.
Comment 1 errata-xmlrpc 2015-12-16 18:23:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5

Via RHSA-2015:2657 https://rhn.redhat.com/errata/RHSA-2015-2657.html
Note You need to log in before you can comment on or make changes to this bug.