CVE-2015-7222

Severity

68%

Complexity

86%

Confidentiality

106%

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 9 years ago

2015-12-16 11:59:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Mozilla Firefox ESR 38.0

38.0

Mozilla Firefox ESR 38.0.1

38.0.1

Mozilla Firefox ESR 38.0.5

38.0.5

Mozilla Firefox ESR 38.1.0

38.1.0

Mozilla Firefox ESR 38.1.1

38.1.1

Mozilla Firefox ESR 38.2.0

38.2.0

Mozilla Firefox ESR 38.2.1

38.2.1

Mozilla Firefox Extended Support Release (ESR) 38.3.0

38.3.0

Mozilla Firefox ESR 38.4.0

38.4.0

openSUSE Leap 42.1

42.1

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

Fedora 22

22

Fedora Project Fedora 23

23

Mozilla Firefox

References

FEDORA-2015-51b1105902

Third Party Advisory

FEDORA-2015-7ab3d3afcf

Third Party Advisory

SUSE-SU-2015:2334

SUSE-SU-2015:2335

SUSE-SU-2015:2336

openSUSE-SU-2015:2380

openSUSE-SU-2015:2406

openSUSE-SU-2015:2353

openSUSE-SU-2016:0307

Third Party Advisory

openSUSE-SU-2016:0308

Third Party Advisory

RHSA-2015:2657

DSA-3422

http://www.mozilla.org/security/announce/2015/mfsa2015-147.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

79279

1034426

USN-2833-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1216748

Issue Tracking

GLSA-201512-10

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2015-7222

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 9 years ago

Last updated 6 years ago

Affected Software

Mozilla Firefox ESR 38.0

Mozilla Firefox ESR 38.0.1

Mozilla Firefox ESR 38.0.5

Mozilla Firefox ESR 38.1.0

Mozilla Firefox ESR 38.1.1

Mozilla Firefox ESR 38.2.0

Mozilla Firefox ESR 38.2.1

Mozilla Firefox Extended Support Release (ESR) 38.3.0

Mozilla Firefox ESR 38.4.0

openSUSE Leap 42.1

OpenSUSE 13.1

OpenSUSE 13.2

Fedora 22

Fedora Project Fedora 23

Mozilla Firefox

References

FEDORA-2015-51b1105902

FEDORA-2015-7ab3d3afcf

SUSE-SU-2015:2334

SUSE-SU-2015:2335

SUSE-SU-2015:2336

openSUSE-SU-2015:2380

openSUSE-SU-2015:2406

openSUSE-SU-2015:2353

openSUSE-SU-2016:0307

openSUSE-SU-2016:0308

RHSA-2015:2657

DSA-3422

http://www.mozilla.org/security/announce/2015/mfsa2015-147.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

79279

1034426

USN-2833-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1216748

GLSA-201512-10

Stay updated

Get in touch