CVE-2015-2738 - OpenCVE

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Solaris
Suse	Linux Enterprise Software Development Kit Linux Enterprise Desktop Suse Linux Enterprise Server Linux Enterprise Server
Mozilla	Firefox Esr Thunderbird Firefox
Canonical	Ubuntu Linux
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 4 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.6.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.7.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*

Configuration 6 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1207.html
http://rhn.redhat.com/errata/RHSA-2015-1455.html
http://www.debian.org/security/2015/dsa-3300
http://www.debian.org/security/2015/dsa-3324	Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-66.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.securityfocus.com/bid/75541
http://www.securitytracker.com/id/1032783
http://www.securitytracker.com/id/1032784
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1167356	Issue Tracking
https://security.gentoo.org/glsa/201512-10