Integer Overflow and Buffer Overflow Vulnerability in MoofParser::Metadata Function

Integer Overflow and Buffer Overflow Vulnerability in MoofParser::Metadata Function

CVE-2016-1946 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

Learn more about our Cis Benchmark Audit For Bind.