ID CVE-2015-7213
Summary Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:42.0:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox:42.0:*:*:*:*:*:x64:*
CVSS
Base: 6.8 (as of 22-10-2024 - 13:42)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2015:2657
rpms
  • firefox-0:38.5.0-2.el5_11
  • firefox-0:38.5.0-2.el6_7
  • firefox-0:38.5.0-3.el7_2
  • firefox-debuginfo-0:38.5.0-2.el5_11
  • firefox-debuginfo-0:38.5.0-2.el6_7
  • firefox-debuginfo-0:38.5.0-3.el7_2
  • thunderbird-0:38.5.0-1.el5_11
  • thunderbird-0:38.5.0-1.el6_7
  • thunderbird-0:38.5.0-1.el7_2
  • thunderbird-debuginfo-0:38.5.0-1.el5_11
  • thunderbird-debuginfo-0:38.5.0-1.el6_7
  • thunderbird-debuginfo-0:38.5.0-1.el7_2
refmap via4
bid 79279
confirm
debian
  • DSA-3422
  • DSA-3432
fedora
  • FEDORA-2015-51b1105902
  • FEDORA-2015-7ab3d3afcf
gentoo GLSA-201512-10
sectrack 1034426
suse
  • SUSE-SU-2015:2334
  • SUSE-SU-2015:2335
  • SUSE-SU-2015:2336
  • openSUSE-SU-2015:2353
  • openSUSE-SU-2015:2380
  • openSUSE-SU-2015:2406
  • openSUSE-SU-2016:0307
  • openSUSE-SU-2016:0308
ubuntu
  • USN-2833-1
  • USN-2859-1
Last major update 22-10-2024 - 13:42
Published 16-12-2015 - 11:59
Last modified 22-10-2024 - 13:42
Back to Top