CVE-2015-4493

Oracle Solaris < 39.0.3 - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.

References (15)

Core 15

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1586.html

Various Sources x_refsource_confirm

https://hg.mozilla.org/mozilla-central/rev/a674c7019cb5

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2702-2

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2702-1

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201605-06

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2015/dsa-3333

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2702-3

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1186718

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2015/mfsa2015-83.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033247

Scores

EPSS 0.0698

EPSS Percentile 91.6%

Details

CWE

CWE-119

Status published

Products (11)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 15.04

mozilla/firefox 38.0

mozilla/firefox 38.0.1

mozilla/firefox 38.0.5

mozilla/firefox 38.1.0

mozilla/firefox < 39.0.3

opensuse/opensuse 13.1

opensuse/opensuse 13.2

... and 1 more

Published Aug 16, 2015

Tracked Since Feb 18, 2026