Endpoint Vulnerability

Out-of-bounds read with malformed MP3 file

Description

Security researcher Aki Helin used the Address Sanitizer tool to discover an out-of-bounds read during playback of a malformed MP3 audio file that switches sample formats. In some circumstances, this could trigger a potentially exploitable crash or the reading of out-of-bounds memory content.

Affected Products

Firefox, Firefox ESR

References

CVE-2015-4475