CVE-2016-1951

Published: 10 June 2016

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

Priority

CVSS 3 base score: 8.6

Status

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	Upstream	Not vulnerable (45.0)




	Ubuntu 16.04 LTS (Xenial Xerus)	Not vulnerable (47.0+build3-0ubuntu0.16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [47.0+build3-0ubuntu0.14.04.1])
nspr Launchpad, Ubuntu, Debian	Upstream	Released (2:4.12-1)




	Ubuntu 16.04 LTS (Xenial Xerus)	Released (2:4.12-0ubuntu0.16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2:4.12-0ubuntu0.14.04.1)
	Patches: Upstream: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2
thunderbird Launchpad, Ubuntu, Debian	Upstream	Released (45.0)




	Ubuntu 16.04 LTS (Xenial Xerus)	Released (1:45.2.0+build1-0ubuntu0.16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was released [1:45.2.0+build1-0ubuntu0.14.04.3])

References

Bugs

https://bugzilla.mozilla.org/show_bug.cgi?id=1174015

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM