Your submission was sent successfully! Close

CVE-2016-1946

Published: 26 January 2016

The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a denial of service (integer overflow and buffer overflow) or possibly have unspecified other impact via crafted metadata.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
precise
Released (44.0+build3-0ubuntu0.12.04.1)
trusty Does not exist
(trusty was released [44.0+build3-0ubuntu0.14.04.1])
upstream
Released (44.0)
vivid
Released (44.0+build3-0ubuntu0.15.04.1)
wily
Released (44.0+build3-0ubuntu0.15.10.1)
thunderbird
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

vivid Ignored
(reached end-of-life)
wily Not vulnerable