CVE-2015-2729

2015-07-0602:01:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2729

audioparamtimeline

audionodeinputvalue

web audio

mozilla firefox

denial of service

out-of-bounds read

nvd

4.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.5%

JSON

The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq31.1
mozilla:firefox_esrmozilla firefox esreq31.3.0
mozilla:firefox_esrmozilla firefox esreq31.1.1
mozilla:firefox_esrmozilla firefox esreq31.7.0
mozilla:firefox_esrmozilla firefox esreq31.5
mozilla:firefox_esrmozilla firefox esreq31.6.0
mozilla:firefox_esrmozilla firefox esreq31.3
mozilla:firefox_esrmozilla firefox esreq31.5.3
mozilla:firefox_esrmozilla firefox esreq31.5.1

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.1
mozilla:firefox_esr	mozilla firefox esr	eq	31.3.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.1.1
mozilla:firefox_esr	mozilla firefox esr	eq	31.7.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.5
mozilla:firefox_esr	mozilla firefox esr	eq	31.6.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.3
mozilla:firefox_esr	mozilla firefox esr	eq	31.5.3
mozilla:firefox_esr	mozilla firefox esr	eq	31.5.1