CVE-2016-1951

CWE-190 — Integer Overflow10 documents8 sources

Severity

8.6HIGH

EPSS

0.8%

top 25.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Netscape Portable Runtime

Timeline

PublishedAug 7

Latest updateMay 17

Description

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 3.9 | Impact: 4.7

Affected Packages4 packages

▶NVDmozilla/netscape_portable_runtime4.11

▶Debiannspr< 2:4.12-1+3

▶Debianfirefox-esr< 45.0esr-1+3

▶Ubuntuthunderbird< 1:45.2.0+build1-0ubuntu0.14.04.3+1

🔴Vulnerability Details

GHSA

GHSA-2xc9-w6jv-x92w: Multiple integer overflows in io/prprf↗2022-05-17

▶

OSV

CVE-2016-1951: Multiple integer overflows in io/prprf↗2016-08-07

▶

CVEList

CVE-2016-1951: Multiple integer overflows in io/prprf↗2016-08-07

▶

OSV

thunderbird vulnerabilities↗2016-07-18

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2016-07-18

▶

Ubuntu

NSPR vulnerability↗2016-07-11

▶

Red Hat

nspr: Memory allocation issue related to PR_*printf functions↗2016-05-31

▶

Debian

CVE-2016-1951: firefox - Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (N...↗2016

▶

💬Community

Bugzilla

CVE-2016-1951 nspr: Memory allocation issue related to PR_*printf functions↗2016-02-23

▶