CVE-2015-4486
EPSS 1.7%
Description
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
How to fix CVE-2015-4486
To remediate CVE-2015-4486, upgrade the affected package to a fixed version below.
- Debian/libvpx—upgrade to 1.4.0-1 or later
Is CVE-2015-4486 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.4.0-1