CVE-2015-7222

CVSS v2.0 6.8 (Medium)

EPSS 2.34 % (90^th)

Affected Products 5

Advisories 9

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.

Weaknesses

CWE-189: Numeric Errors

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-12-16 11:59:20
(8 years ago)
Updated Date: 2018-10-30 16:27:35
(5 years ago)

Affected Products

Fedoraproject

Fedora

Mozilla

Opensuse

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0
	Mozilla Firefox Esr 38.0.1	cpe:2.3:a:mozilla:firefox_esr:38.0.1
	Mozilla Firefox Esr 38.0.5	cpe:2.3:a:mozilla:firefox_esr:38.0.5
	Mozilla Firefox Esr 38.1.0	cpe:2.3:a:mozilla:firefox_esr:38.1.0
	Mozilla Firefox Esr 38.1.1	cpe:2.3:a:mozilla:firefox_esr:38.1.1
	Mozilla Firefox Esr 38.2.0	cpe:2.3:a:mozilla:firefox_esr:38.2.0
	Mozilla Firefox Esr 38.2.1	cpe:2.3:a:mozilla:firefox_esr:38.2.1
	Mozilla Firefox Esr 38.3.0	cpe:2.3:a:mozilla:firefox_esr:38.3.0
	Mozilla Firefox Esr 38.4.0	cpe:2.3:a:mozilla:firefox_esr:38.4.0

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 42.1	cpe:2.3:o:opensuse:leap:42.1
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Opensuse 13.2	cpe:2.3:o:opensuse:opensuse:13.2

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 22	cpe:2.3:o:fedoraproject:fedora:22
	Fedoraproject Fedora 23	cpe:2.3:o:fedoraproject:fedora:23

Configuration #4

		CPE23	From	Up To
	Mozilla Firefox 42.0 and prior versions	cpe:2.3:a:mozilla:firefox		<= 42.0