Vulnerability Details : CVE-2015-4511
Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.
Vulnerability category: OverflowExecute code
Products affected by CVE-2015-4511
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4511
8.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4511
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2015-4511
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4511
-
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
[security-announce] openSUSE-SU-2015:1679-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
[security-announce] openSUSE-SU-2015:1658-1: important: Security update
-
http://www.debian.org/security/2015/dsa-3365
Debian -- Security Information -- DSA-3365-1 iceweasel
-
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
[security-announce] SUSE-SU-2015:1703-1: important: Security update for
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
http://rhn.redhat.com/errata/RHSA-2015-1834.html
RHSA-2015:1834 - Security Advisory - Red Hat Customer Portal
-
http://www.mozilla.org/security/announce/2015/mfsa2015-105.html
Buffer overflow while decoding WebM video — MozillaVendor Advisory
-
http://www.ubuntu.com/usn/USN-2754-1
USN-2754-1: Thunderbird vulnerabilities | Ubuntu security notices
-
http://www.securityfocus.com/bid/76816
Mozilla Firefox Multiple Security Vulnerabilities
-
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
[security-announce] SUSE-SU-2015:2081-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html
[security-announce] SUSE-SU-2015:1680-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
[security-announce] openSUSE-SU-2015:1681-1: important: Security update
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1200148
1200148 - (CVE-2015-4511) Heap-buffer-overflow due to overflow in nestegg_track_codec_data
-
http://www.securitytracker.com/id/1033640
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Gain Elevated Privileges - SecurityTracker
Jump to