Lucene search

[email protected]CVE-2015-7213

HistoryDec 16, 2015 - 11:59 a.m.

CVE-2015-7213

2015-12-1611:59:11

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-7213

integer overflow

mpeg4extractor

libstagefright

mozilla firefox

remote code execution

mp4

buffer overflow

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

93.1%

JSON

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Affected configurations

NVD

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

Node

mozillafirefox_esrMatch38.0x64

mozillafirefox_esrMatch38.0.1x64

mozillafirefox_esrMatch38.0.5x64

mozillafirefox_esrMatch38.1.0x64

mozillafirefox_esrMatch38.1.1x64

mozillafirefox_esrMatch38.2.0x64

mozillafirefox_esrMatch38.2.1x64

mozillafirefox_esrMatch38.3.0x64

mozillafirefox_esrMatch38.4.0x64

Node

mozillafirefoxRange≤42.0x64

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html

lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

rhn.redhat.com/errata/RHSA-2015-2657.html

www.debian.org/security/2015/dsa-3422

www.debian.org/security/2016/dsa-3432

www.mozilla.org/security/announce/2015/mfsa2015-146.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/79279

www.securitytracker.com/id/1034426

www.ubuntu.com/usn/USN-2833-1

www.ubuntu.com/usn/USN-2859-1

bugzilla.mozilla.org/show_bug.cgi?id=1206211

security.gentoo.org/glsa/201512-10

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2015-7213

ubuntucve1 cvelist1 prion1 nvd1 mozilla1 openvas32 oraclelinux2 veracode6 archlinux2 nessus29 debian2 ubuntu2 centos2 redhat2 suse5 mageia3 freebsd1 kaspersky1 gentoo1