CVE-2016-2839
- Source
- https://cve.org/CVERecord?id=CVE-2016-2839
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2839.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-2839
- Downstream
- Related
- Published
- 2016-08-05T01:59:06.033Z
- Modified
- 2026-03-15T22:06:19.418656Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo cairosurfacegetextents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
- http://www.securityfocus.com/bid/92261
- http://www.securitytracker.com/id/1036508
- https://security.gentoo.org/glsa/201701-15
- http://www.mozilla.org/security/announce/2016/mfsa2016-65.html
- http://www.ubuntu.com/usn/USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1275339
Affected packages
Git /
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2839.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "47.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "45.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "45.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "45.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "45.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "48.0"
}
]
},
{
"events": [
{
"introduced": "45.x"
},
{
"fixed": "45.3"
}
]
}
]