CVE-2015-0797

Advisory lineage Upstream: 0 Downstream: 9

Downstream

DLA-2164-1 DSA-3225-1 DSA-3260-1 DSA-3264-1 MGASA-2015-0188 RHSA-2015:0988

Modified

Published: 14 May 2015, 10:00

Last modified:06 Aug 2024, 04:26

Vulnerability Summary

Overall Risk (default)

medium

29/100

CVSS Score

6.8 MEDIUM

v2.0 (nvd)

EPSS Score

7.61% LOW

8% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 May 2015, 10:00

Published

Vulnerability first disclosed

06 Aug 2024, 04:26

Last Modified

Vulnerability information updated

Description

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.

CVSS Metrics

v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 7.61%• Percentile: 92%

Affected Systems

debian•debian_linux
7.0 | 8.0 | 9.0
gstreamer_project•gstreamer
< 1.4.5
gstreamer•gstreamer
< 1.4.5
Unknown•Firefox
< 38.0 | ≥ 31.0, < 31.7
mozilla•seamonkey
< 2.35
mozilla•thunderbird
< 31.7 | ≥ 38.0, < 38.0.1
redhat•enterprise_linux_desktop
5.0 | 6.0 | 7.0
redhat•enterprise_linux_eus
6.6 | 7.1 | 7.2 | 7.3 | 7.4 | 7.5 | 7.6 | 7.7
redhat•enterprise_linux_server
5.0 | 6.0 | 7.0
redhat•enterprise_linux_server_aus
6.6 | 7.3 | 7.4 | 7.6 | 7.7
redhat•enterprise_linux_server_tus
6.6 | 7.3 | 7.6 | 7.7
redhat•enterprise_linux_workstation
5.0 | 6.0 | 7.0
suse•linux_enterprise_desktop
11:sp3
suse•linux_enterprise_server
11:sp3
suse•linux_enterprise_software_development_kit
11:sp3