CVE-2016-2837

MEDIUM Year: 2016
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-119
View all →

Vulnerability Description

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

Related Vulnerabilities

CVE-2013-3245

MEDIUM
CVSS:6.3(Medium)

plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a ...

CWE-1192013

CVE-2016-1176

MEDIUM
CVSS:6.3(Medium)

Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page.

CWE-1192016

CVE-2016-1628

MEDIUM
CVSS:6.3(Medium)

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of ser...

CWE-1192016

CVE-2016-1737

MEDIUM
CVSS:6.3(Medium)

Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.

CWE-1192016

CVE-2016-5728

MEDIUM
CVSS:6.3(Medium)

Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memo...

CWE-1192016

CVE-2017-12278

MEDIUM
CVSS:6.3(Medium)

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resul...

CWE-1192017