CVE-2015-7222: Buffer Overflow
First published: Wed Dec 16 2015(Updated: )
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =38.0 | |
| Firefox | =38.0.1 | |
| Firefox | =38.0.5 | |
| Firefox | =38.1.0 | |
| Firefox | =38.1.1 | |
| Firefox | =38.2.0 | |
| Firefox | =38.2.1 | |
| Firefox | =38.3.0 | |
| Firefox | =38.4.0 | |
| SUSE Linux | =42.1 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| Red Hat Fedora | =22 | |
| Red Hat Fedora | =23 | |
| Firefox | <=42.0 | |
| Firefox ESR | =38.0 | |
| Firefox ESR | =38.0.1 | |
| Firefox ESR | =38.0.5 | |
| Firefox ESR | =38.1.0 | |
| Firefox ESR | =38.1.1 | |
| Firefox ESR | =38.2.0 | |
| Firefox ESR | =38.2.1 | |
| Firefox ESR | =38.3.0 | |
| Firefox ESR | =38.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
- http://rhn.redhat.com/errata/RHSA-2015-2657.html
- http://www.debian.org/security/2015/dsa-3422
- http://www.mozilla.org/security/announce/2015/mfsa2015-147.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/79279
- http://www.securitytracker.com/id/1034426
- http://www.ubuntu.com/usn/USN-2833-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1216748
- https://security.gentoo.org/glsa/201512-10
Frequently Asked Questions
What is the severity of CVE-2015-7222?
CVE-2015-7222 has a high severity rating due to its potential to allow remote attackers to execute arbitrary code or cause a denial of service.
How do I fix CVE-2015-7222?
To fix CVE-2015-7222, update Mozilla Firefox and Firefox ESR to version 43.0 or later, or apply the relevant security patches provided by your operating system vendor.
Which versions of Firefox are affected by CVE-2015-7222?
CVE-2015-7222 affects Mozilla Firefox versions up to 42.0 and Firefox ESR versions up to 38.4.0.
What kind of attacks can CVE-2015-7222 facilitate?
CVE-2015-7222 allows attackers to exploit an integer underflow vulnerability which can lead to arbitrary code execution or application crashes.
Is there a workaround for CVE-2015-7222?
There are no effective workarounds for CVE-2015-7222 other than upgrading to the secure versions of the browsers.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/38.0
- version/firefox/38.0.1
- version/firefox/38.0.5
- version/firefox/38.1.0
- version/firefox/38.1.1
- version/firefox/38.2.0
- version/firefox/38.2.1
- version/firefox/38.3.0
- version/firefox/38.4.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/22
- version/red hat fedora/23
- version/firefox/42.0
- canonical/firefox esr
- version/firefox esr/38.0
- version/firefox esr/38.0.1
- version/firefox esr/38.0.5
- version/firefox esr/38.1.0
- version/firefox esr/38.1.1
- version/firefox esr/38.2.0
- version/firefox esr/38.2.1
- version/firefox esr/38.3.0
- version/firefox esr/38.4.0