CVE-2015-7213

Published Dec 16, 2015

Last updated 24 days ago

CVSS info 6.8

Overview

Description: Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
Source: security@mozilla.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E75E69A5-AC94-4F35-9EFB-1BFF8B78210D"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2765E663-C9CF-476A-B7A8-6F02D0E2D72D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "A8111FC8-BC99-4DA3-9CBC-A86CE52E5A05",
            "versionEndIncluding": "42.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References