Red Hat Bugzilla – Bug 1291597
CVE-2015-7222 Mozilla: Integer underflow and buffer overflow processing MP4 metadata in libstagefright (MFSA 2015-147)
Last modified: 2016-01-05 05:00:58 EST
Mozilla developer Gerald Squelart fixed an integer underflow in the libstagefright library initially reported by Joshua Drake to Google. The issues occurred in MP4 format video file while parsing cover metadata, leading to a buffer overflow. This results in a potentially exploitable crash and can be triggered by a malformed MP4 file served by web content.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gerald Squelart as the original reporter.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
Via RHSA-2015:2657 https://rhn.redhat.com/errata/RHSA-2015-2657.html