CVE-2015-7213

Severity

68%

Complexity

86%

Confidentiality

106%

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 9 years ago

2015-12-16 11:59:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

openSUSE Leap 42.1

42.1

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

Fedora 22

22

Fedora Project Fedora 23

23

Mozilla Firefox ESR 38.0 (64 bit)

38.0

Mozilla Firefox ESR 38.0.1 (64 bit)

38.0.1

Mozilla Firefox ESR 38.0.5 (64 bit)

38.0.5

Mozilla Firefox ESR 38.1.0 (64 bit)

38.1.0

Mozilla Firefox ESR 38.1.1 (64 bit)

38.1.1

Mozilla Firefox ESR 38.2.0 (64 bit)

38.2.0

Mozilla Firefox ESR 38.2.1 (64 bit)

38.2.1

Mozilla Firefox ESR 38.3.0 (64 bit)

38.3.0

Mozilla Firefox ESR 38.4.0 (64 bit)

38.4.0

References

FEDORA-2015-51b1105902

FEDORA-2015-7ab3d3afcf

SUSE-SU-2015:2334

SUSE-SU-2015:2335

SUSE-SU-2015:2336

openSUSE-SU-2015:2380

openSUSE-SU-2015:2406

openSUSE-SU-2015:2353

openSUSE-SU-2016:0307

openSUSE-SU-2016:0308

RHSA-2015:2657

DSA-3422

DSA-3432

http://www.mozilla.org/security/announce/2015/mfsa2015-146.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

79279

1034426

USN-2833-1

USN-2859-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1206211

GLSA-201512-10

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.