6.8

CVE-2015-0797

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GstreamerGstreamer Version < 1.4.5
   LinuxLinux Kernel Version-
MozillaFirefox Version < 38.0
   LinuxLinux Kernel Version-
MozillaFirefox Version >= 31.0 < 31.7
   LinuxLinux Kernel Version-
MozillaSeamonkey Version < 2.35
   LinuxLinux Kernel Version-
MozillaThunderbird Version < 31.7
   LinuxLinux Kernel Version-
MozillaThunderbird Version >= 38.0 < 38.0.1
   LinuxLinux Kernel Version-
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
RedhatEnterprise Linux Eus Version6.6
RedhatEnterprise Linux Eus Version7.1
RedhatEnterprise Linux Eus Version7.2
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.44% 0.917
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1012.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3260
Third Party Advisory
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-0988.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3225
Third Party Advisory
http://www.debian.org/security/2015/dsa-3264
Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-47.html
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1080995
Patch
Vendor Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201512-07
Third Party Advisory