admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2015/CVE-2015-44xx/CVE-2015-4475.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

202 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2015-4475",
"sourceIdentifier": "security@mozilla.org",
"published": "2015-08-16T01:59:03.427",
"lastModified": "2018-10-30T16:27:35.843",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file."
},
{
"lang": "es",
"value": "Vulnerabilidad en la funci\u00f3n Mozilla::AudioSink de Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, no maneja correctamente los formatos de muestreo inconsistente en los datos de audio MP3, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (lectura fuera de rango) a trav\u00e9s de archivos malformados."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndIncluding": "39.0.3",
"matchCriteriaId": "40AB4FC4-00EA-4C4E-81D8-170BD068B28B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html",
"source": "security@mozilla.org"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html",
"source": "security@mozilla.org"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html",
"source": "security@mozilla.org"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html",
"source": "security@mozilla.org"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html",
"source": "security@mozilla.org"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html",
"source": "security@mozilla.org"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html",
"source": "security@mozilla.org"
},
{
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-80.html",
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"source": "security@mozilla.org"
},
{
"url": "http://www.securityfocus.com/bid/76294",
"source": "security@mozilla.org"
},
{
"url": "http://www.securitytracker.com/id/1033247",
"source": "security@mozilla.org"
},
{
"url": "http://www.ubuntu.com/usn/USN-2702-1",
"source": "security@mozilla.org"
},
{
"url": "http://www.ubuntu.com/usn/USN-2702-2",
"source": "security@mozilla.org"
},
{
"url": "http://www.ubuntu.com/usn/USN-2702-3",
"source": "security@mozilla.org"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175396",
"source": "security@mozilla.org"
},
{
"url": "https://security.gentoo.org/glsa/201605-06",
"source": "security@mozilla.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink