Lucene search

[email protected]CVE-2015-4475

HistoryAug 16, 2015 - 1:59 a.m.

CVE-2015-4475

2015-08-1601:59:03

CWE-119

[email protected]

web.nvd.nist.gov

mozilla

audiosink

firefox

cve-2015-4475

nvd

security

vulnerability

mp3

remote code execution

denial of service

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.055 Low

EPSS

Percentile

93.3%

JSON

The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.

Affected configurations

NVD

Node

mozillafirefoxRange≤39.0.3

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle39.0.3
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq38.0.1
mozilla:firefox_esrmozilla firefox esreq38.0.5
mozilla:firefox_esrmozilla firefox esreq38.1.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	39.0.3
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.5
mozilla:firefox_esr	mozilla firefox esr	eq	38.1.0