CVE-2016-1933

MEDIUM

Mozilla Firefox <44.0 - DoS

Title source: llm

Description

Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.

References (9)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

[Vendor Advisory] http://www.mozilla.org/security/announce/2016/mfsa2016-02.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034825

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2880-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2880-2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/81956

[Third Party Advisory] https://security.gentoo.org/glsa/201605-06

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1231761

Scores

CVSS v3 6.5

EPSS 0.0078

EPSS Percentile 73.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-189

Status draft

Affected Products (4)

opensuse/leap

opensuse/opensuse

mozilla/firefox < 43.0.4

Timeline

Published Jan 31, 2016

Tracked Since Feb 18, 2026