CVE-2015-7222

2015-12-16 12:59:20 2018-10-30 17:27:35

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Fedoraproject Fedora 23 (not an official CPE) Fedora 22 Opensuse Leap 42.1 (not an official CPE) Opensuse Opensuse 13.1 (not an official CPE) Opensuse Opensuse 13.2 (not an official CPE)

Mozilla Firefox esr 38.4.0 (not an official CPE) Mozilla Firefox esr 38.3.0 (not an official CPE) Mozilla Firefox esr 38.2.1 (not an official CPE) Mozilla Firefox esr 38.2.0 (not an official CPE) Mozilla Firefox esr 38.1.1 (not an official CPE) Mozilla Firefox esr 38.1.0 (not an official CPE) Mozilla Firefox esr 38.0.5 (not an official CPE) Mozilla Firefox esr 38.0.1 (not an official CPE) Mozilla Firefox esr 38.0 (not an official CPE) Mozilla Firefox 42.0 (not an official CPE)

Fedoraproject - Fedora Mozilla - Firefox esr Mozilla - Firefox Opensuse - Leap Opensuse - Opensuse

Advisory	Patch	Confirmed	Link
			79279
			http://www.oracle.com/technetwork/topics/security/linuxb...
			http://www.mozilla.org/security/announce/2015/mfsa2015-1...
			DSA-3422
			RHSA-2015:2657
			openSUSE-SU-2016:0308
			openSUSE-SU-2016:0307
			openSUSE-SU-2015:2353
			openSUSE-SU-2015:2406
			SUSE-SU-2015:2336
			openSUSE-SU-2015:2380
			SUSE-SU-2015:2335
			SUSE-SU-2015:2334
			FEDORA-2015-7ab3d3afcf
			FEDORA-2015-51b1105902
			1034426
			USN-2833-1
			https://bugzilla.mozilla.org/show_bug.cgi?id=1216748
			GLSA-201512-10

CVE-2015-7222

2015-12-16 12:59:20 2018-10-30 17:27:35

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)