Published: 07/08/2016 Updated: 28/11/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) prior to 4.12 allow remote malicious users to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla netscape portable runtime

Several security issues were fixed in Thunderbird ...

NSPR could be made to crash or run programs if it received specially crafted input ...

Two vulnerabilities were reported in NSPR, a library to abstract over operating system interfaces developed by the Mozilla project CVE-2016-1951 q1 reported that the NSPR implementation of sprintf-style string formatting function miscomputed memory allocation sizes, potentially leading to heap-based buffer overflows The second issue ...

Multiple integer overflows in io/prprfc in Mozilla Netscape Portable Runtime (NSPR) before 412 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function ...

CWE-190 https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2 https://bugzilla.mozilla.org/show_bug.cgi?id=1174015 http://www.ubuntu.com/usn/USN-3023-1 http://www.securityfocus.com/bid/92385 http://www.securitytracker.com/id/1036590 https://usn.ubuntu.com/3023-1/https://nvd.nist.gov

CVE-2016-1951

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect