CVE-2014-1545
nspr - security update
EPSS 2.9%
Description
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
How to fix CVE-2014-1545
To remediate CVE-2014-1545, upgrade the affected package to a fixed version below.
- Debian/nspr—upgrade to 2:4.10.6-1 or later
- Debian/nspr—upgrade to 4.8.6-1+squeeze2 or later
- Debian/nspr—upgrade to 2:4.9.2-1+deb7u2 or later
Is CVE-2014-1545 being exploited?
Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2:4.10.6-1
- from 0, < 4.8.6-1+squeeze2
- from 0, < 2:4.9.2-1+deb7u2