CVE-2015-4479 — Integer Overflow or Wraparound in Mozilla Firefox

CWE-189 CWE-190 — Integer Overflow or Wraparound CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents6 sources

Severity

10.0CRITICALNVD

EPSS

2.3%

top 15.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Opensuse

Timeline

PublishedAug 16

Latest updateMay 14

Description

Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶Ubuntumozilla/firefox< 40.0+build4-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox39.0.3+4

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-fv35-f685-jqpw: Multiple integer overflows in libstagefright in Mozilla Firefox before 40↗2022-05-14

▶

OSV

firefox regression↗2015-08-20

▶

OSV

firefox vulnerabilities↗2015-08-11

▶

OSV

ubufox update↗2015-08-11

▶

OSV

CVE-2015-4479: Multiple integer overflows in libstagefright in Mozilla Firefox before 40↗2015-08-11

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2015-08-20

▶

Ubuntu

Firefox vulnerabilities↗2015-08-11

▶

Red Hat

Mozilla: Overflow issues in libstagefright (MFSA 2015-83)↗2015-08-11

▶

Ubuntu

Ubufox update↗2015-08-11

▶

💬Community

Bugzilla

CVE-2015-4479 CVE-2015-4480 CVE-2015-4493 Mozilla: Overflow issues in libstagefright (MFSA 2015-83)↗2015-08-11

▶