CVE-2016-1951

Published: 10 June 2016

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package Release Status
firefox
  Upstream: Not vulnerable (45.0)
  Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (47.0+build3-0ubuntu0.16.04.1)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [47.0+build3-0ubuntu0.14.04.1])
nspr
  Upstream: Released (2:4.12-1)
  Ubuntu 16.04 LTS (Xenial Xerus): Released (2:4.12-0ubuntu0.16.04.1)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (2:4.12-0ubuntu0.14.04.1)
  Patches:
    Upstream: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2
thunderbird
  Upstream: Released (45.0)
  Ubuntu 16.04 LTS (Xenial Xerus): Released (1:45.2.0+build1-0ubuntu0.16.04.1)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [1:45.2.0+build1-0ubuntu0.14.04.3])