CVE-2016-1951
Published: 10 June 2016
Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.
Priority
CVSS 3 base score: 8.6
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(45.0)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(47.0+build3-0ubuntu0.16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [47.0+build3-0ubuntu0.14.04.1])
|
|
nspr Launchpad, Ubuntu, Debian |
Upstream |
Released
(2:4.12-1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2:4.12-0ubuntu0.16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2:4.12-0ubuntu0.14.04.1)
|
|
Patches: Upstream: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2 |
||
thunderbird Launchpad, Ubuntu, Debian |
Upstream |
Released
(45.0)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1:45.2.0+build1-0ubuntu0.16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [1:45.2.0+build1-0ubuntu0.14.04.3])
|