CVE-2015-4485
EPSS 6.1%
Description
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
How to fix CVE-2015-4485
To remediate CVE-2015-4485, upgrade the affected package to a fixed version below.
- Debian/libvpx—upgrade to 1.4.0-1 or later
Is CVE-2015-4485 being exploited?
Moderate — EPSS is 6.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.4.0-1