CVE-2015-4485: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

Severity: 10.0 CRITICAL (NVD)
EPSS: 7.6% (top 8.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 16; Latest update May 14

Description

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (4 packages)

NVD: mozilla/firefox 39.0.3 +4
Debian: webmproject/libvpx < 1.4.0-1 +3
NVD: oracle/solaris 11.3
NVD: opensuse/opensuse 13.1, 13.2 +1

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

🔴 Vulnerability Details (3)

GHSA: GHSA-g65r-8pw6-88qw: Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40 (2022-05-14)
OSV: CVE-2015-4485: Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40 (2015-08-16)
CVEList: CVE-2015-4485: Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40 (2015-08-16)

📋 Vendor Advisories (3)

Ubuntu: Firefox vulnerabilities (2015-08-11)
Red Hat: Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89) (2015-08-11)
Debian: CVE-2015-4485: libvpx - Heap-based buffer overflow in the resize_context_buffers function in libvpx in M... (2015)

💬 Community (1)

Bugzilla: CVE-2015-4485 CVE-2015-4486 Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89) (2015-08-11)