6.8

CVE-2015-7222

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version38.0
MozillaFirefox Version38.0.1
MozillaFirefox Version38.0.5
MozillaFirefox Version38.1.0
MozillaFirefox Version38.1.1
MozillaFirefox Version38.2.0
MozillaFirefox Version38.2.1
MozillaFirefox Version38.3.0
MozillaFirefox Version38.4.0
OpensuseLeap Version42.1
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
FedoraprojectFedora Version22
FedoraprojectFedora Version23
MozillaFirefox Version <= 42.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.27% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://security.gentoo.org/glsa/201512-10
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2657.html
http://www.debian.org/security/2015/dsa-3422
http://www.securityfocus.com/bid/79279
http://www.securitytracker.com/id/1034426
http://www.ubuntu.com/usn/USN-2833-1
http://www.mozilla.org/security/announce/2015/mfsa2015-147.html
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1216748
Issue Tracking