CVE-2016-2824

EPSS 0.7%
Veröffentlicht 13.06.2016 10:59:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version45.1.0

Microsoft ≫ Windows

Mozilla ≫ Firefox Version45.1.1

Microsoft ≫ Windows

Opensuse ≫ Leap Version42.1

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Mozilla ≫ Firefox Version <= 46.0.1

Microsoft ≫ Windows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.7%	0.713

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html

http://www.securityfocus.com/bid/91075

http://www.securitytracker.com/id/1036057

http://www.mozilla.org/security/announce/2016/mfsa2016-53.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1248580

https://nvd.nist.gov/vuln/detail/CVE-2016-2824

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2824

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2824

EUVD