CVE-2015-4493 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox
Severity
10.0 CRITICAL NVD
NVD 9.3
EPSS
7.3%
top 8.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 16
Latest update May 17
Description
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
CVSS vector
AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0
Affected Packages: 5 packages
Also affects: Ubuntu Linux 12.04, 14.04, 15.04
Vulnerability Details (8)
GHSA
GHSA-3hvq-r5w2-423m: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS (2022-05-17)
GHSA
GHSA-8mf7-p7xv-mq52: Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40 (2022-05-14)
CVEList
CVE-2015-1539: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS (2015-10-01)
CVEList
CVE-2015-4493: Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40 (2015-08-16)
Vendor Advisories (4)
Community (1)
Bugzilla
CVE-2015-4479 CVE-2015-4480 CVE-2015-4493 Mozilla: Overflow issues in libstagefright (MFSA 2015-83) (2015-08-11)