Lucene search

[email protected]CVE-2015-7213

HistoryDec 16, 2015 - 11:59 a.m.

CVE-2015-7213

2015-12-1611:59:11

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-7213

integer overflow

mpeg4extractor

libstagefright

mozilla firefox

remote code execution

mp4

buffer overflow

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.1%

JSON

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Affected configurations

NVD

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

Node

mozillafirefox_esrMatch38.0x64

mozillafirefox_esrMatch38.0.1x64

mozillafirefox_esrMatch38.0.5x64

mozillafirefox_esrMatch38.1.0x64

mozillafirefox_esrMatch38.1.1x64

mozillafirefox_esrMatch38.2.0x64

mozillafirefox_esrMatch38.2.1x64

mozillafirefox_esrMatch38.3.0x64

mozillafirefox_esrMatch38.4.0x64

Node

mozillafirefoxRange≤42.0x64

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html

lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

rhn.redhat.com/errata/RHSA-2015-2657.html

www.debian.org/security/2015/dsa-3422

www.debian.org/security/2016/dsa-3432

www.mozilla.org/security/announce/2015/mfsa2015-146.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/79279

www.securitytracker.com/id/1034426

www.ubuntu.com/usn/USN-2833-1

www.ubuntu.com/usn/USN-2859-1

bugzilla.mozilla.org/show_bug.cgi?id=1206211

security.gentoo.org/glsa/201512-10

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2015-7213

mozilla1 prion1 nvd1 openvas32 ubuntucve1 cvelist1 redhat2 nessus29 veracode6 oraclelinux2 archlinux2 ubuntu2 debian2 centos2 mageia3 suse5 kaspersky1 freebsd1 gentoo1