CVE-2015-7216

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 43.0

Description The issue exists due to insufficient input validation in the gdk-pixbuf library structure of the browser. Exploitation of this issue may allow a remote attacker to cause a denial of service or possibly have other impacts by using a specially crafted JPEG 2000 image. The gdk-pixbuf configuration incorrectly enables the JasPer decoder.

Recommendations For versions prior to 43.0, update to version 43.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the JasPer decoder for JPEG 2000 images until a patch is available. Restrict access to specially crafted JPEG 2000 images to minimize the risk of exploitation.