Closed
Bug 1200819
Opened 9 years ago
Closed 9 years ago
Null Pointer Derefrencing in libstagefright
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1187067
People
(Reporter: abillings, Unassigned)
References
Details
(Keywords: crash, csectype-nullptr, testcase, Whiteboard: [sg:dos])
Attachments
(4 files)
security@mozilla.org received the following in email today from secresearch@fortinet.com
-------
Vulnerability Notification
Sept 01, 2015
Tracking Case #: FG-VD-15-062
Dear Mozilla,
The following information pertains to information discovered by Fortinet's FortiGuard Labs. It has been determined that a vulnerability exists in libstagefright. To streamline the disclosure process, we have created a preliminary advisory which you can find below. This upcoming advisory is purely intended as a reference, and does not contain sensitive information such as proof of concept code.
As a mature corporation involved in security research, we strive to responsibly disclose vulnerability information. We will not post an advisory until we determine it is appropriate to do so in co-ordination with the vendor unless one the following situations occur:
1)If public proof of concept code is released, increasing the danger of the vulnerability being exploited in the wild
2)A patch or update has been released to provide protection against the given vulnerability
3)We receive explicit permission from the vendor
We look forward to working closely with you to resolve this issue, and kindly ask for your co-operation during this time. Please let us know if you have any further questions, and we will promptly respond to address any issues.
If this message is not encrypted, it is because we could not find your key to do so. If you have one available for use, please notify us and we will ensure that this is used in future correspondence. We ask you use our public PGP key to encrypt and communicate any sensitive information with us. You may find the key on our FortiGuard center at: http://www.fortiguardcenter.com/pgp_key.html
Type of Vulnerability & Repercussions:
Null Pointer Derefrencing
Affected Products:
Firefox 40.0.3(Windows 7)
Upcoming Advisory Reference:
http://www.fortiguard.com/advisory/UpcomingAdvisories.html
Attached is the Proof of Concept which triggers the bug.
Comment 1•9 years ago
|
||
I could not reproduce this issue with:
- nightly linux asan
- nightly linux asan dbg
- 40.0.2 linux asan
Anyone want to test on Windows? the report says that is what is affected.
Comment 2•9 years ago
|
||
Updated•9 years ago
|
Comment 3•9 years ago
|
||
Comment 4•9 years ago
|
||
Is this a dup of bug 1187067?
Updated•9 years ago
|
Reporter | ||
Comment 5•9 years ago
|
||
Updated•9 years ago
|
Group: core-security → media-core-security
Comment 6•9 years ago
|
||
I can repro on Windows: bp-a3373e72-4679-443d-8573-101322150903
Comment 7•9 years ago
|
||
Could you look into this, jya? It seems like if this is just a null deref it isn't really a security issue, but it would be good for somebody who knows this code to confirm that this crash is benign. Thanks.
Flags: needinfo?(jyavenard)
Comment 8•9 years ago
|
||
this is a dup of bug 1187067 and is fixed now (pending on inbound)
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(jyavenard)
Resolution: --- → DUPLICATE
Updated•8 years ago
|
Group: media-core-security
Updated•8 years ago
|
Whiteboard: [sg:dos]
You need to log in
before you can comment on or make changes to this bug.
Description
•