Lucene search

K

MozillaCVELIST:CVE-2016-2814

HistoryApr 30, 2016 - 5:00 p.m.

CVE-2016-2814

2016-04-3017:00:00

mozilla

www.cve.org

9.1 High

AI Score

Confidence

High

0.165 Low

EPSS

Percentile

96.0%

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.

References

lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html

lists.opensuse.org/opensuse-updates/2016-05/msg00038.html

rhn.redhat.com/errata/RHSA-2016-0695.html

www.debian.org/security/2016/dsa-3559

www.mozilla.org/security/announce/2016/mfsa2016-44.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securitytracker.com/id/1035692

www.ubuntu.com/usn/USN-2936-1

www.ubuntu.com/usn/USN-2936-2

www.ubuntu.com/usn/USN-2936-3

bugzilla.mozilla.org/show_bug.cgi?id=1254721

security.gentoo.org/glsa/201701-15

9.1 High

AI Score

Confidence

High

0.165 Low

EPSS

Percentile

96.0%

Related for CVELIST:CVE-2016-2814

cve1 debiancve1 mozilla1 nvd1 ubuntucve1 veracode1 openvas24 prion1 nessus25 suse4 debian1 mageia1 oraclelinux1 redhat1 centos1 ubuntu3 archlinux1 freebsd1 kaspersky1 gentoo1