Vulnerability Details : CVE-2015-7203
Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font-family name.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-7203
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7203
2.00%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7203
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2015-7203
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7203
-
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
openSUSE-SU-2016:0307-1: moderate: Security update for seamonkey
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
[SECURITY] Fedora 22 Update: firefox-43.0-1.fc22
-
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
openSUSE-SU-2016:0308-1: moderate: Security update for Seamonkey
-
https://security.gentoo.org/glsa/201512-10
Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
-
http://www.securityfocus.com/bid/79280
Mozilla Firefox Multiple Security Vulnerabilities
-
http://www.securitytracker.com/id/1034426
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Same-Origin Policy, and Cause Denial of Service Conditions - SecurityTracker
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
openSUSE-SU-2015:2353-1: moderate: Security update for MozillaFirefox
-
https://hg.mozilla.org/mozilla-central/rev/e1bcc04808cc
mozilla-central: changeset 261895:e1bcc04808cc815f6f4f3f9d8103817ea48ff2a7
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
[SECURITY] Fedora 23 Update: firefox-43.0-1.fc23
-
http://www.ubuntu.com/usn/USN-2833-1
USN-2833-1: Firefox vulnerabilities | Ubuntu security notices
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1201183
1201183 - (CVE-2015-7203) Buffer overflow on OOM in DirectWriteFontInfo::LoadFontFamilyData
-
http://www.mozilla.org/security/announce/2015/mfsa2015-144.html
Buffer overflows found through code inspection — MozillaVendor Advisory
Jump to