CVE-2015-7213: Integer Overflow or Wraparound in Mozilla Firefox

Severity
NVD: 6.8 MEDIUM
OSV: 10.0

EPSS
2.4% (top 14.80%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Dec 16
Latest update: May 14

Description

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (5 packages)

Source | Package | Version
Ubuntu | mozilla/firefox | < 43.0+build1-0ubuntu0.14.04.1
NVD | mozilla/firefox | 42.0+9
Ubuntu | mozilla/thunderbird | < 1:38.5.1+build2-0ubuntu0.14.04.1
NVD | opensuse/leap | 42.1
NVD | opensuse/opensuse | 13.1, 13.2+1

Also affects: Fedora 22, 23

🔴 Vulnerability Details (4)

GHSA | GHSA-9wfv-5vpr-64rx: Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor | 2022-05-14
OSV | thunderbird vulnerabilities | 2016-01-13
OSV | CVE-2015-7213: Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor | 2015-12-15
OSV | firefox vulnerabilities | 2015-12-15

📋 Vendor Advisories (3)

Ubuntu | Thunderbird vulnerabilities | 2016-01-13
Red Hat | Mozilla: Integer overflow in MP4 playback in 64-bit versions (MFSA 2015-146) | 2015-12-16
Ubuntu | Firefox vulnerabilities | 2015-12-15

💬 Community (1)

Bugzilla | CVE-2015-7213 Mozilla: Integer overflow in MP4 playback in 64-bit versions (MFSA 2015-146) | 2015-12-15