CVE-2015-4485

2015-08-1601:59:13

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-4485

buffer overflow

libvpx

mozilla firefox

remote code execution

webm video data

nvd

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.2%

JSON

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

Affected configurations

NVD

Node

mozillafirefoxRange≤39.0.3

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

oraclesolarisMatch11.3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle39.0.3
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq38.0.1
mozilla:firefox_esrmozilla firefox esreq38.0.5
mozilla:firefox_esrmozilla firefox esreq38.1.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	39.0.3
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.5
mozilla:firefox_esr	mozilla firefox esr	eq	38.1.0