Debian Nspr vulnerabilities

6 known vulnerabilities affecting debian/nspr.

Total CVEs

6

CISA KEV

0

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL2HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2016-1951HIGHCVSS 8.6fixed in firefox 45.0-1 (sid)2016

CVE-2016-1951 [HIGH] CVE-2016-1951: firefox - Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (N... Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function. Scope: local sid: resolved (fixed in 45.0-1)

CVE-2015-7183HIGHCVSS 7.5fixed in nspr 2:4.10.10-1 (bookworm)2015

CVE-2015-7183 [HIGH] CVE-2015-7183: nspr - Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Ru... Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati

CVE-2014-1545CRITICALCVSS 10.0fixed in nspr 2:4.10.6-1 (bookworm)2014

CVE-2014-1545 [CRITICAL] CVE-2014-1545: nspr - Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers t... Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Scope: local bookworm: resolved (fixed in 2:4.10.6-1) bullseye: resolved (fixed in 2:4.10.6-1) forky: resolved (fixed in 2:4.10.6-1) sid: resolved (fixed in

CVE-2013-5607HIGHCVSS 7.5fixed in nspr 2:4.10.2-1 (bookworm)2013

CVE-2013-5607 [HIGH] CVE-2013-5607: nspr - Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable R... Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificat

CVE-2009-2463CRITICALCVSS 10.0fixed in nspr 4.8.2-1 (bookworm)2009

CVE-2009-2463 [CRITICAL] CVE-2009-2463: nspr - Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode fu... Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that

CVE-2009-0689MEDIUMCVSS 6.8PoCfixed in mono 4.2.1.102+dfsg2-4 (bookworm)2009

CVE-2009-0689 [MEDIUM] CVE-2009-0689: mono - Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the... Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, al