CVE-2015-2738

CVSS v2.0 10 (High)

EPSS 0.68 % (80^th)

Affected Products 10

Advisories 15

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Weaknesses

CWE-17: DEPRECATED: Code

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-07-06 02:01:07
(9 years ago)
Updated Date: 2018-10-30 16:27:37
(5 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Oracle

Solaris

Suse

Configuration #1

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10
	Canonical Ubuntu Linux 15.04	cpe:2.3:o:canonical:ubuntu_linux:15.04

Configuration #2

		CPE23	From	Up To
	Suse Linux Enterprise Desktop 12	cpe:2.3:o:suse:linux_enterprise_desktop:12
	Suse Linux Enterprise Server 11 SP4	cpe:2.3:o:suse:linux_enterprise_server:11:sp4
	Suse Linux Enterprise Software Development Kit 12	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12
	Suse Linux Enterprise Server 12	cpe:2.3:o:suse:suse_linux_enterprise_server:12

Configuration #3

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #4

		CPE23	From	Up To
	Mozilla Firefox 38.1.0 and prior versions	cpe:2.3:a:mozilla:firefox		<= 38.1.0

Configuration #5

		CPE23	From	Up To
	Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
	Mozilla Firefox Esr 31.1	cpe:2.3:a:mozilla:firefox_esr:31.1
	Mozilla Firefox Esr 31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0
	Mozilla Firefox Esr 31.1.1	cpe:2.3:a:mozilla:firefox_esr:31.1.1
	Mozilla Firefox Esr 31.2	cpe:2.3:a:mozilla:firefox_esr:31.2
	Mozilla Firefox Esr 31.3	cpe:2.3:a:mozilla:firefox_esr:31.3
	Mozilla Firefox Esr 31.3.0	cpe:2.3:a:mozilla:firefox_esr:31.3.0
	Mozilla Firefox Esr 31.4	cpe:2.3:a:mozilla:firefox_esr:31.4
	Mozilla Firefox Esr 31.5	cpe:2.3:a:mozilla:firefox_esr:31.5
	Mozilla Firefox Esr 31.5.1	cpe:2.3:a:mozilla:firefox_esr:31.5.1
	Mozilla Firefox Esr 31.5.2	cpe:2.3:a:mozilla:firefox_esr:31.5.2
	Mozilla Firefox Esr 31.5.3	cpe:2.3:a:mozilla:firefox_esr:31.5.3
	Mozilla Firefox Esr 31.6.0	cpe:2.3:a:mozilla:firefox_esr:31.6.0
	Mozilla Firefox Esr 31.7.0	cpe:2.3:a:mozilla:firefox_esr:31.7.0
	Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0

Configuration #6

		CPE23	From	Up To
	Mozilla Thunderbird 38.0.1 and prior versions	cpe:2.3:a:mozilla:thunderbird		<= 38.0.1

Configuration #7

		CPE23	From	Up To
	Oracle Solaris 11.3	cpe:2.3:o:oracle:solaris:11.3