Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
22 Oct 2024, 13:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:* |
Information
Published : 2015-08-16 01:59
Updated : 2024-10-22 13:42
NVD link : CVE-2015-4493
Mitre link : CVE-2015-4493
CVE.ORG link : CVE-2015-4493
JSON object : View
Products Affected
opensuse
- opensuse
oracle
- solaris
canonical
- ubuntu_linux
mozilla
- firefox
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer