Using Address Sanitizer, security researcher Sascha Just reported a buffer overflow in the libstagefright library due to issues with the handling of CENC offsets and the sizes table. This results in a potentially exploitable crash triggerable through web content. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-44.html
Acknowledgments: Name: the Mozilla project Upstream: Sascha Just
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2016:0695 https://rhn.redhat.com/errata/RHSA-2016-0695.html