Lucene search

K
cve[email protected]CVE-2015-4485
HistoryAug 16, 2015 - 1:59 a.m.

CVE-2015-4485

2015-08-1601:59:13
CWE-119
web.nvd.nist.gov
59
cve-2015-4485
buffer overflow
libvpx
mozilla firefox
remote code execution
webm video data
nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

Affected configurations

NVD
Node
mozillafirefoxRange39.0.3
OR
mozillafirefox_esrMatch38.0
OR
mozillafirefox_esrMatch38.0.1
OR
mozillafirefox_esrMatch38.0.5
OR
mozillafirefox_esrMatch38.1.0
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.04
OR
opensuseopensuseMatch13.1
OR
opensuseopensuseMatch13.2
Node
oraclesolarisMatch11.3

References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%