PT-2016-1460 · Mozilla+6 · Firefox Esr+7

Jmamj90

·

Publicado

2016-03-08

·

Atualizado

2024-12-12

·

CVE-2016-1957

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 45.0 Firefox ESR versions prior to 38.7
Description The issue is caused by a buffer overflow in the libstagefright library, which can be exploited by a remote attacker to cause a denial of service (memory consumption) using a specially crafted MPEG-4 file. This file triggers a delete operation on an array, leading to memory leak.
Recommendations For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later to resolve the issue. For Firefox ESR versions prior to 38.7, update to version 38.7 or later to resolve the issue.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2016-1250
ALT-PU-2016-1277
ALT-PU-2016-1454
BDU:2016-00761
CESA-2016_0373
CESA-2016_0460
CVE-2016-1957
DSA-3510-1
DSA-3520-1
MGASA-2016-0105
MGASA-2016-0115
OPENSUSE-SU-2016:1769-1
OPENSUSE-SU-2016:1778-1
OPENSUSE-SU-2016_0731-1
OPENSUSE-SU-2016_0733-1
OPENSUSE-SU-2016_0876-1
OPENSUSE-SU-2016_0894-1
OPENSUSE-SU-2016_1767-1
OPENSUSE-SU-2016_1778-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2016:0373
RHSA-2016:0460
RHSA-2016_0373
RHSA-2016_0460
SUSE-SU-2016:0727-1
SUSE-SU-2016:0777-1
SUSE-SU-2016:0909-1
USN-2917-1
USN-2917-2
USN-2917-3
USN-2934-1

Produtos afetados

Alt Linux
Centos
Firefox Esr
Firefox
Red Hat
Suse
Ubuntu
Libstagefright