CVE-2015-7212Integer Overflow or Wraparound in Mozilla Firefox

CWE-189CWE-190Integer Overflow or Wraparound9 documents6 sources
Severity
7.5HIGHNVD
OSV10.0
EPSS
2.3%
top 15.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla ThunderbirdFedoraproject Fedora+2 more
Timeline
PublishedDec 16
Latest updateMay 14

Description

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

Ubuntumozilla/firefox< 43.0+build1-0ubuntu0.14.04.1
NVDmozilla/firefox42.0+9
Ubuntumozilla/thunderbird< 1:38.5.1+build2-0ubuntu0.14.04.1
NVDopensuse/leap42.1
NVDopensuse/opensuse13.1, 13.2+1

Also affects: Fedora 22, 23

🔴Vulnerability Details

4
GHSA
GHSA-rwvw-c2vw-6c39: Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 432022-05-14
OSV
thunderbird vulnerabilities2016-01-13
OSV
CVE-2015-7212: Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 432015-12-15
OSV
firefox vulnerabilities2015-12-15

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2016-01-13
Red Hat
Mozilla: Integer overflow allocating extremely large textures (MFSA 2015-139)2015-12-16
Ubuntu
Firefox vulnerabilities2015-12-15

💬Community

1
Bugzilla
CVE-2015-7212 Mozilla: Integer overflow allocating extremely large textures (MFSA 2015-139)2015-12-15
CVE-2015-7212 — Integer Overflow or Wraparound | cvebase