ID CVE-2015-7213
Summary Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:x64:*
  • cpe:2.3:a:mozilla:firefox:42.0:*:*:*:*:*:x64:*
    cpe:2.3:a:mozilla:firefox:42.0:*:*:*:*:*:x64:*
CVSS
Base: 6.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2015:2657
rpms
  • firefox-0:38.5.0-2.el5_11
  • firefox-0:38.5.0-2.el6_7
  • firefox-0:38.5.0-3.el7_2
  • thunderbird-0:38.5.0-1.el5_11
  • thunderbird-0:38.5.0-1.el6_7
  • thunderbird-0:38.5.0-1.el7_2
refmap via4
bid 79279
confirm
debian
  • DSA-3422
  • DSA-3432
fedora
  • FEDORA-2015-51b1105902
  • FEDORA-2015-7ab3d3afcf
gentoo GLSA-201512-10
sectrack 1034426
suse
  • SUSE-SU-2015:2334
  • SUSE-SU-2015:2335
  • SUSE-SU-2015:2336
  • openSUSE-SU-2015:2353
  • openSUSE-SU-2015:2380
  • openSUSE-SU-2015:2406
  • openSUSE-SU-2016:0307
  • openSUSE-SU-2016:0308
ubuntu
  • USN-2833-1
  • USN-2859-1
Last major update 30-10-2018 - 16:27
Published 16-12-2015 - 11:59
Back to Top