Buffer overflow parsing H.264 video with Linux GStreamer

2015-05-12T00:00:00
ID MFSA2015-47
Type mozilla
Reporter Mozilla Foundation
Modified 2015-05-12T00:00:00

Description

Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow during video playback on Linux systems. The overflow was caused by a problem in older versions of the GStreamer plugin during the parsing of H.264-formatted video. This issue could be used to induce a possibly exploitable crash.

This issue does not affect the current 1.0 version of GStreamer and does not affect Windows or OS X systems.