CyberSec.Space Logo
Back to CVE Browser

CVE-2015-7205

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0820%
EPSS Percentile20.62th
PublishedDec 16, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.

Affected Platforms (CPE)

πŸ’»
Fedoraproject

Fedora

= 22
πŸ’»
Fedoraproject

Fedora

= 23
πŸ“¦
Mozilla

Firefox

= 38.0
πŸ“¦
Mozilla

Firefox

= 38.0.1
πŸ“¦
Mozilla

Firefox

= 38.0.5
πŸ“¦
Mozilla

Firefox

= 38.1.0
πŸ“¦
Mozilla

Firefox

= 38.1.1
πŸ“¦
Mozilla

Firefox

= 38.2.0
πŸ“¦
Mozilla

Firefox

= 38.2.1
πŸ“¦
Mozilla

Firefox

= 38.3.0
πŸ“¦
Mozilla

Firefox

= 38.4.0
πŸ’»
Opensuse

Leap

= 42.1
πŸ’»
Opensuse

Opensuse

= 13.1
πŸ’»
Opensuse

Opensuse

= 13.2
πŸ“¦
Mozilla

Firefox

<= 42.0

References & Advisories

πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html
πŸ”— http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

Related Vulnerabilities

CVE-2009-189610.0

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedo...

CVE-2012-265310.0

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might...

CVE-2006-374210.0

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a ...

CVE-2017-121709.8

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configur...