PT-2015-4882 · Mozilla+4 · Firefox+6

Aki Helin

Publicado

2015-04-15

Atualizado

2024-10-22

CVE-2015-0797

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.4.5 Mozilla Firefox versions prior to 38.0 Firefox ESR 31.x versions prior to 31.7 Thunderbird versions prior to 31.7

Description The issue allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

Recommendations For GStreamer versions prior to 1.4.5, update to version 1.4.5 or later. For Mozilla Firefox versions prior to 38.0, update to version 38.0 or later. For Firefox ESR 31.x versions prior to 31.7, update to version 31.7 or later. For Thunderbird versions prior to 31.7, update to version 31.7 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CESA-2015_0988

CVE-2015-0797

DLA-2164-1

DSA-3225-1

DSA-3260-1

DSA-3264-1

MGASA-2015-0188

RHSA-2015:0988

RHSA-2015_0988

SUSE-SU-2015:0942-1

SUSE-SU-2015:0960-1

SUSE-SU-2015_0921-1

SUSE-SU-2015_0942-1

SUSE-SU-2015_0960-1

SUSE-SU-2015_0978-1

Produtos afetados

Centos

Firefox Esr

Gstreamer

Firefox

Red Hat

Suse

Thunderbird

PT-2015-4882 · Mozilla+4 · Firefox+6

CVE-2015-0797

Identificadores relacionados

Produtos afetados

Referências · 92