CVE-2015-4496Integer Overflow or Wraparound in Mozilla Firefox

CWE-190Integer Overflow or WraparoundCWE-1899 documents6 sources
Severity
10.0CRITICALNVD
NVD9.3
EPSS
1.5%
top 18.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxGoogle AndroidOracle Solaris
Timeline
PublishedAug 16
Latest updateMay 17

Description

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

Ubuntumozilla/firefox< 40.0+build4-0ubuntu0.14.04.4
NVDmozilla/firefox37.0.2
NVDoracle/solaris11.3

🔴Vulnerability Details

5
GHSA
GHSA-grmx-f2j7-2qwf: Multiple integer overflows in libstagefright in Mozilla Firefox before 382022-05-17
GHSA
GHSA-9662-qxrh-f9g6: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable2022-05-17
CVEList
CVE-2015-1538: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable2015-10-01
CVEList
CVE-2015-4496: Multiple integer overflows in libstagefright in Mozilla Firefox before 382015-08-16
OSV
CVE-2015-4496: Multiple integer overflows in libstagefright in Mozilla Firefox before 382015-08-16

📋Vendor Advisories

1
Red Hat
Mozilla: Integer overflows in libstagefright while processing MP4 video metadata (MFSA 2015-93)2015-08-12

💬Community

1
Bugzilla
CVE-2015-4496 Mozilla: Integer overflows in libstagefright while processing MP4 video metadata (MFSA 2015-93)2015-08-14
CVE-2015-4496 — Integer Overflow or Wraparound | cvebase