Lucene search

[email protected]CVE-2015-2717

HistoryMay 14, 2015 - 10:59 a.m.

CVE-2015-2717

2015-05-1410:59:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-2717

integer overflow

libstagefright

mozilla firefox

remote attackers

arbitrary code

denial of service

heap-based buffer overflow

out-of-bounds read

mp4 video file

invalid metadata

nvd

9.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.1%

JSON

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle37.0.2
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	37.0.2
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

www.mozilla.org/security/announce/2015/mfsa2015-55.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/74611

www.ubuntu.com/usn/USN-2602-1

bugzilla.mozilla.org/show_bug.cgi?id=1154683

security.gentoo.org/glsa/201605-06

9.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.1%

JSON

Related for CVE-2015-2717

prion1 ubuntucve1 mozilla1 openvas5 ubuntu1 archlinux1 nessus8 kaspersky1 securityvulns1 freebsd1 mageia1 gentoo1