Lucene search

K
cve[email protected]CVE-2015-7213
HistoryDec 16, 2015 - 11:59 a.m.

CVE-2015-7213

2015-12-1611:59:11
CWE-189
web.nvd.nist.gov
62
cve-2015-7213
integer overflow
mpeg4extractor
libstagefright
mozilla firefox
remote code execution
mp4
buffer overflow

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

93.1%

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Affected configurations

NVD
Node
opensuseleapMatch42.1
OR
opensuseopensuseMatch13.1
OR
opensuseopensuseMatch13.2
Node
fedoraprojectfedoraMatch22
OR
fedoraprojectfedoraMatch23
Node
mozillafirefox_esrMatch38.0x64
OR
mozillafirefox_esrMatch38.0.1x64
OR
mozillafirefox_esrMatch38.0.5x64
OR
mozillafirefox_esrMatch38.1.0x64
OR
mozillafirefox_esrMatch38.1.1x64
OR
mozillafirefox_esrMatch38.2.0x64
OR
mozillafirefox_esrMatch38.2.1x64
OR
mozillafirefox_esrMatch38.3.0x64
OR
mozillafirefox_esrMatch38.4.0x64
Node
mozillafirefoxRange42.0x64

References

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

93.1%