CVE-2015-4475 (retired)

Priority
Description
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox
ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3
audio data, which allows remote attackers to execute arbitrary code or
cause a denial of service (out-of-bounds read) via a malformed file.
Assigned-to
chrisccoulson
Package
Upstream:released (40.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (40.0+build4-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-26 12:15:36 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)