CVE-2015-0797

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.4.5 Mozilla Firefox versions prior to 38.0 Firefox ESR 31.x versions prior to 31.7 Thunderbird versions prior to 31.7

Description The issue allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

Recommendations For GStreamer versions prior to 1.4.5, update to version 1.4.5 or later. For Mozilla Firefox versions prior to 38.0, update to version 38.0 or later. For Firefox ESR 31.x versions prior to 31.7, update to version 31.7 or later. For Thunderbird versions prior to 31.7, update to version 31.7 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2015_0988

CVE-2015-0797

DLA-2164-1

DSA-3225-1

DSA-3260-1

DSA-3264-1

MGASA-2015-0188

RHSA-2015:0988

RHSA-2015_0988

SUSE-SU-2015:0942-1

SUSE-SU-2015:0960-1

SUSE-SU-2015_0921-1

SUSE-SU-2015_0942-1

SUSE-SU-2015_0960-1

SUSE-SU-2015_0978-1

Affected Products

Centos

Firefox Esr

Gstreamer

Firefox

Red Hat

Suse

Thunderbird

CVE-2015-0797

Related Identifiers

Affected Products

References · 92