CVE-2015-4475 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-4475?

CVE-2015-4475 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-4475?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Canonical Ubuntu Linux, Opensuse Opensuse.

Vulnerability Description

The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	<= 39.0.3
Canonical	Ubuntu Linux	12.04
Opensuse	Opensuse	13.1

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-4475?

CVE-2015-4475 is a vulnerability with a CVSS score of 7.5 (HIGH). The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute a...

How severe is CVE-2015-4475?

CVE-2015-4475 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4475?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Canonical Ubuntu Linux, Opensuse Opensuse.