Skip to main content

Suse Package Hub For Suse Linux Enterprise CVE-2016-1957

MEDIUM
Buffer Overflow (CWE-119)
2016-03-13 security@mozilla.org
4.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Mar 13, 2016 - 18:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.

AnalysisAI

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Affected products include: Novell Suse Package Hub For Suse Linux Enterprise, Opensuse Leap, Opensuse, Mozilla Firefox, Mozilla Thunderbird. Version information: before 45.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-4303 CRITICAL POC
9.8 Sep 26

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to c

CVE-2019-9811 HIGH POC
8.3 Jul 23

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack a

CVE-2016-1629 CRITICAL
9.8 Feb 21

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protecti

CVE-2016-1954 HIGH
8.8 Mar 13

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 3

CVE-2019-11717 MEDIUM POC
5.3 Jul 23

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used

CVE-2016-1704 HIGH
8.8 Jul 03

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service

CVE-2016-1953 HIGH
8.8 Mar 13

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to caus

CVE-2016-2818 HIGH
8.8 Jun 13

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45

CVE-2016-1952 HIGH
8.8 Mar 13

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38

CVE-2019-13730 HIGH
8.8 Dec 10

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit hea

CVE-2019-11338 HIGH
8.8 Apr 19

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attacke

CVE-2016-1956 MEDIUM
6.5 Mar 13

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of s

Share

CVE-2016-1957 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy