CVE-2015-0797

CWE-119 — Buffer Overflow7 documents6 sources

Severity

6.8MEDIUM

EPSS

7.6%

top 8.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gstreamer Gstreamer Mozilla Firefox Mozilla Seamonkey +11 more

Timeline

PublishedMay 14

Latest updateMay 13

Description

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages11 packages

▶NVDmozilla/firefox31.0 — 31.7+1

▶NVDmozilla/thunderbird38.0 — 38.0.1+1

▶NVDmozilla/seamonkey< 2.35

▶NVDgstreamer/gstreamer< 1.4.5

▶NVDsuse/linux_enterprise_server11

Also affects: Debian Linux 7.0, 8.0, 9.0, Enterprise Linux 6.6, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-wvj4-9m85-jjv9: GStreamer before 1↗2022-05-13

▶

CVEList

CVE-2015-0797: GStreamer before 1↗2015-05-14

▶

OSV

CVE-2015-0797: GStreamer before 1↗2015-05-14

▶

📋Vendor Advisories

Red Hat

Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)↗2015-05-12

▶

💬Community

Bugzilla

CVE-2015-0797 Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)↗2015-05-12

▶

Bugzilla

CVE-2015-0797 gstreamer-plugins-bad-free: gstreamer-plugins-bad: Heap-based buffer overflow when parsing H.264 video format [fedora-all]↗2015-05-04

▶