Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-1951

Published: 10 June 2016

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was not-affected [47.0+build3-0ubuntu0.12.04.1])
trusty Does not exist
(trusty was not-affected [47.0+build3-0ubuntu0.14.04.1])
upstream Not vulnerable
(45.0)
wily Not vulnerable
(47.0+build3-0ubuntu0.15.10.1)
xenial Not vulnerable
(47.0+build3-0ubuntu0.16.04.1)
yakkety Not vulnerable
(47.0+build3-0ubuntu1)
zesty Not vulnerable
(47.0+build3-0ubuntu1)
nspr
Launchpad, Ubuntu, Debian
precise
Released (4.12-0ubuntu0.12.04.1)
trusty
Released (2:4.12-0ubuntu0.14.04.1)
upstream
Released (2:4.12-1)
wily
Released (2:4.12-0ubuntu0.15.10.1)
xenial
Released (2:4.12-0ubuntu0.16.04.1)
yakkety Not vulnerable
(2:4.12-2ubuntu1)
zesty Not vulnerable
(2:4.12-2ubuntu1)
Patches:
upstream: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2
thunderbird
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [1:45.2.0+build1-0ubuntu0.12.04.1])
trusty Does not exist
(trusty was released [1:45.2.0+build1-0ubuntu0.14.04.3])
upstream
Released (45.0)
wily
Released (1:45.2.0+build1-0ubuntu0.15.10.1)
xenial
Released (1:45.2.0+build1-0ubuntu0.16.04.1)
yakkety
Released (1:45.2.0+build1-0ubuntu1)
zesty
Released (1:45.2.0+build1-0ubuntu1)