Randell Jesup and the Firefox team discovered that srtp, Cisco"s reference implementation of the Secure Real-time Transport Protocol , does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.