6.8

CVE-2015-0797

EPSS 7.61%
Published 14.05.2015 10:59:00
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Gstreamer Project ≫ Gstreamer Version < 1.4.5

Linux ≫ Linux Kernel Version-

Mozilla ≫ Firefox Version < 38.0

Linux ≫ Linux Kernel Version-

Mozilla ≫ Firefox Version >= 31.0 < 31.7

Linux ≫ Linux Kernel Version-

Mozilla ≫ Seamonkey Version < 2.35

Linux ≫ Linux Kernel Version-

Mozilla ≫ Thunderbird Version < 31.7

Linux ≫ Linux Kernel Version-

Mozilla ≫ Thunderbird Version >= 38.0 < 38.0.1

Linux ≫ Linux Kernel Version-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version6.6

Redhat ≫ Enterprise Linux Eus Version7.1

Redhat ≫ Enterprise Linux Eus Version7.2

Redhat ≫ Enterprise Linux Eus Version7.3

Redhat ≫ Enterprise Linux Eus Version7.4

Redhat ≫ Enterprise Linux Eus Version7.5

Redhat ≫ Enterprise Linux Eus Version7.6

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version6.6

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version6.6

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.61%	0.914

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1012.html

Third Party Advisory

http://www.debian.org/security/2015/dsa-3260

Third Party Advisory

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html

Third Party Advisory

Mailing List

http://rhn.redhat.com/errata/RHSA-2015-0988.html

Third Party Advisory

http://www.debian.org/security/2015/dsa-3225

Third Party Advisory

http://www.debian.org/security/2015/dsa-3264

Third Party Advisory

http://www.mozilla.org/security/announce/2015/mfsa2015-47.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1080995

Patch

Vendor Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/201512-07

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-0797

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0797

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0797

EUVD