CVE-2012-4186

CWE-119Buffer Overflow7 documents6 sources
Severity
9.3CRITICAL
EPSS
52.5%
top 2.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+10 more
Timeline
PublishedOct 10
Latest updateMay 13

Description

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages10 packages

NVDmozilla/firefox< 10.0.8+1
NVDmozilla/seamonkey< 2.13

Also affects: Debian Linux 6.0, Ubuntu Linux 10.04, 11.04, 11.10, 12.04, Enterprise Linux 6.3

🔴Vulnerability Details

2
GHSA
GHSA-q5f9-pv86-jvpw: Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 162022-05-13
CVEList
CVE-2012-4186: Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 162012-10-10

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-10-12
Ubuntu
Firefox vulnerabilities2012-10-09
Red Hat
Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)2012-10-09

💬Community

1
Bugzilla
CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)2012-10-06
CVE-2012-4186 (CRITICAL CVSS 9.3) | Heap-based buffer overflow in the n | cvebase.io