10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.323 Low
EPSS
Percentile
97.0%
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor
function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR
38.x before 38.2 allows remote attackers to execute arbitrary code via an
invalid size field in an esds chunk in MPEG-4 video data, a related issue
to CVE-2015-1539.