CVE-2015-4512

gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
http://www.mozilla.org/security/announce/2015/mfsa2015-107.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76815
http://www.securitytracker.com/id/1033640
http://www.ubuntu.com/usn/USN-2743-1
http://www.ubuntu.com/usn/USN-2743-2
http://www.ubuntu.com/usn/USN-2743-3
http://www.ubuntu.com/usn/USN-2743-4
https://bugzilla.mozilla.org/show_bug.cgi?id=1170390

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-09-24 04:59

Updated : 2024-02-28 15:21

NVD link : CVE-2015-4512

Mitre link : CVE-2015-4512

CVE.ORG link : CVE-2015-4512

JSON object : View

Products Affected

mozilla

firefox

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2015-4512", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-24T04:59:15.317", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html", "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-107.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "source": "security@mozilla.org"}, {"url": "http://www.securityfocus.com/bid/76815", "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1033640", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2743-1", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2743-2", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2743-3", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2743-4", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1170390", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering."}, {"lang": "es", "value": "Vulnerabilidad en gfx/2d/DataSurfaceHelpers.cpp en Mozilla Firefox en versiones anteriores a 41.0 en Linux, intenta utilizar indebidamente la librer\u00eda Cairo con la creaci\u00f3n de 32 bits de profundidad de color seguido por la muestra de 16 bits de profundidad de color de pantalla, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de memoria de proceso o provocar una denegaci\u00f3n de servicio (lectura fuera de rango) mediante el uso de un elemento CANVAS para desencadenar un renderizado 2D."}], "lastModified": "2016-12-22T02:59:55.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EE7B0EF-4A3A-4353-8B50-6F28B5CADBDB", "versionEndIncluding": "40.0.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mozilla.org"}