The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2015-08-16T01:00:00
Updated: 2024-08-06T06:18:11.081Z
Reserved: 2015-06-10T00:00:00
Link: CVE-2015-4475
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-08-16T01:59:03.427
Modified: 2018-10-30T16:27:35.843
Link: CVE-2015-4475
Redhat