CVE-2016-1968: Integer Underflow (Wrap or Wraparound) in Brotli

CWE-189 | 13 documents | 7 sources
Severity: 8.8 HIGH (NVD)
EPSS: 1.8% (top 17.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 13 | Latest update May 17

Description

Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

debian | debian/brotli | < brotli 0.3.0+dfsg-3 (bookworm)
Ubuntu | mozilla/firefox | < 45.0+build2-0ubuntu0.14.04.1+2
NVD | mozilla/firefox | 44.0.2
debian | debian/firefox | < brotli 0.3.0+dfsg-3 (bookworm)
debian | debian/firefox-esr | < brotli 0.3.0+dfsg-3 (bookworm)

🔴 Vulnerability Details (5)

GHSA | GHSA-mgw3-h49g-5mxp: Integer underflow in Brotli, as used in Mozilla Firefox before 45 | 2022-05-17
OSV | firefox regressions | 2016-04-19
OSV | firefox regressions | 2016-04-07
OSV | CVE-2016-1968: Integer underflow in Brotli, as used in Mozilla Firefox before 45 | 2016-03-13
OSV | firefox vulnerabilities | 2016-03-09

📋 Vendor Advisories (5)

Ubuntu | Firefox regressions | 2016-04-19
Ubuntu | Firefox regressions | 2016-04-07
Ubuntu | Firefox vulnerabilities | 2016-03-09
Red Hat | Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30) | 2016-03-08
Debian | CVE-2016-1968: brotli - Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remo... | 2016

💬 Community (2)

Bugzilla | CVE-2016-5398 stored XSS in JBoss BPM suite business process editor | 2016-07-20
Bugzilla | CVE-2016-1968 Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30) | 2016-03-08