{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01.000Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "openSUSE-SU-2015:1454", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"name": "USN-2702-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186718"}, {"name": "openSUSE-SU-2015:1389", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"name": "openSUSE-SU-2015:1453", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"name": "RHSA-2015:1586", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html"}, {"name": "1033247", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033247"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://hg.mozilla.org/mozilla-central/rev/a674c7019cb5"}, {"name": "USN-2702-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"name": "USN-2702-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "DSA-3333", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3333"}, {"name": "openSUSE-SU-2015:1390", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2015-4493", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:1454", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"name": "USN-2702-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186718", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186718"}, {"name": "openSUSE-SU-2015:1389", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"name": "openSUSE-SU-2015:1453", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"name": "RHSA-2015:1586", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html"}, {"name": "1033247", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033247"}, {"name": "https://hg.mozilla.org/mozilla-central/rev/a674c7019cb5", "refsource": "CONFIRM", "url": "https://hg.mozilla.org/mozilla-central/rev/a674c7019cb5"}, {"name": "USN-2702-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"name": "USN-2702-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"name": "GLSA-201605-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "DSA-3333", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3333"}, {"name": "openSUSE-SU-2015:1390", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:18:11.481Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:1454", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"name": "USN-2702-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186718"}, {"name": "openSUSE-SU-2015:1389", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"name": "openSUSE-SU-2015:1453", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"name": "RHSA-2015:1586", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html"}, {"name": "1033247", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033247"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://hg.mozilla.org/mozilla-central/rev/a674c7019cb5"}, {"name": "USN-2702-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"name": "USN-2702-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "DSA-3333", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3333"}, {"name": "openSUSE-SU-2015:1390", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2015-4493", "datePublished": "2015-08-16T01:00:00.000Z", "dateReserved": "2015-06-10T00:00:00.000Z", "dateUpdated": "2024-08-06T06:18:11.481Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "40AB4FC4-00EA-4C4E-81D8-170BD068B28B", "versionEndIncluding": "39.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n stagefright::ESDS::parseESDescriptor en libstagefright en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un campo de tama\u00f1o no v\u00e1lido en un fragmento esds en los datos de v\u00eddeo MPEG-4, un caso relacionado con CVE-2015-1539."}], "id": "CVE-2015-4493", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-08-16T01:59:21.987", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3333"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1033247"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186718"}, {"source": "security@mozilla.org", "url": "https://hg.mozilla.org/mozilla-central/rev/a674c7019cb5"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-83.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2702-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2702-3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hg.mozilla.org/mozilla-central/rev/a674c7019cb5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201605-06"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:1586", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:38.2.0-4.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-08-11T00:00:00Z"}, {"advisory": "RHSA-2015:1586", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:38.2.0-4.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-08-11T00:00:00Z"}, {"advisory": "RHSA-2015:1586", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:38.2.0-4.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-08-11T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Overflow issues in libstagefright (MFSA 2015-83)", "id": "1252285", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252285"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "(CWE-190|CWE-119)", "details": ["Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539."], "name": "CVE-2015-4493", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4493\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4493\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-83.html"], "threat_severity": "Critical"}

{}