CVE-2015-0797
⚪ For information
Buffer overflow in GStreamer before 1.4.5 allows remote attackers to cause an application crash or potentially execute arbitrary code.
CVSS
6.8
EPSS
7.6%
Exploit
none
Vendor
redhat
Source description (NVD)
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
dos
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 6.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 7.6% |
| Published (NVD) | 2015-05-14 10:59:00 UTC |
| Last modified (NVD) | 2026-03-17 15:52:33 UTC |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html (security@mozilla.org) [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2015-0988.html (security@mozilla.org) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2015-1012.html (security@mozilla.org) [Third Party Advisory]
- http://www.debian.org/security/2015/dsa-3225 (security@mozilla.org) [Third Party Advisory]
- http://www.debian.org/security/2015/dsa-3260 (security@mozilla.org) [Third Party Advisory]
- http://www.debian.org/security/2015/dsa-3264 (security@mozilla.org) [Third Party Advisory]
- http://www.mozilla.org/security/announce/2015/mfsa2015-47.html (security@mozilla.org) [Vendor Advisory]
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (security@mozilla.org) [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1080995 (security@mozilla.org) [Issue Tracking, Patch, Vendor Advisory]
- https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- https://security.gentoo.org/glsa/201512-07 (security@mozilla.org) [Third Party Advisory]
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 (security@mozilla.org) [Vendor Advisory]