The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2015-08-16T01:00:00
Updated: 2016-12-22T18:57:01
Reserved: 2015-06-10T00:00:00
Link: CVE-2015-4475
JSON object: View
NVD Information
Status : Modified
Published: 2015-08-16T01:59:03.427
Modified: 2018-10-30T16:27:35.843
Link: CVE-2015-4475
JSON object: View
Redhat Information
No data.
CWE