Integer Overflow in libstagefright: Arbitrary Code Execution via Crafted MPEG-4 Video Data

CVE-2015-4480 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.