CVE-2016-2814
Published on: 04/30/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:15 PM UTC
Certain versions of Firefox from Mozilla contain the following vulnerability:
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
- CVE-2016-2814 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags |
---|---|
Red Hat Customer Portal | web.archive.org text/html Inactive Link, Not Archived |
Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security | security.gentoo.org text/html |
[security-announce] openSUSE-SU-2016:1211-1: important: Security update | lists.opensuse.org text/html |
openSUSE-SU-2016:1251-1: moderate: Security update to Firefox 46.0 | lists.opensuse.org text/html |
USN-2936-2: Oxygen-GTK3 update \| Ubuntu | www.ubuntu.com text/html |
Buffer overflow in libstagefright with CENC offsets — Mozilla | Vendor Advisory www.mozilla.org text/html |
Oracle Linux Bulletin - April 2016 | www.oracle.com text/html |
USN-2936-1: Firefox vulnerabilities \| Ubuntu | www.ubuntu.com text/html |
[security-announce] SUSE-SU-2016:1258-1: important: Security update for | lists.opensuse.org text/html |
USN-2936-3: Firefox regression \| Ubuntu | www.ubuntu.com text/html |
[security-announce] SUSE-SU-2016:1374-1: important: Security update for | lists.opensuse.org text/html |
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Gain Elevated Privileges, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker | www.securitytracker.com text/html |
Debian -- Security Information -- DSA-3559-1 iceweasel | www.debian.org Deprecated Link text/html |
1254721 - (CVE-2016-2814) Crash [@ stagefright::SampleTable::parseSampleCencInfo] with heap buffer overflow in libstagefright. | bugzilla.mozilla.org text/html |
[security-announce] SUSE-SU-2016:1352-1: important: Security update for | lists.opensuse.org text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Mozilla | Firefox | 45.0.1 | All | All | All |
Application | Mozilla | Firefox | All | All | All | All |
Application | Mozilla | Firefox Esr | 38.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.0.1 | All | All | All |
Application | Mozilla | Firefox Esr | 38.0.5 | All | All | All |
Application | Mozilla | Firefox Esr | 38.1.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.1.1 | All | All | All |
Application | Mozilla | Firefox Esr | 38.2.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.2.1 | All | All | All |
Application | Mozilla | Firefox Esr | 38.3.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.4.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.5.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.5.1 | All | All | All |
Application | Mozilla | Firefox Esr | 38.6.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.6.1 | All | All | All |
Application | Mozilla | Firefox Esr | 38.7.0 | All | All | All |
Application | Mozilla | Firefox Esr | 38.7.1 | All | All | All |
- cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.7.1:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE