Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-45ft-s6nr-7bae

Summary

Using Address Sanitizer, security researcher Sascha Just reported a
buffer overflow in the libstagefright library due to issues with the handling of CENC
offsets and the sizes table. This results in a potentially exploitable crash triggerable
through web content.

Aliases

alias	CVE-2016-2814

Fixed_packages

url	pkg:deb/debian/firefox@46.0-1?distro=sid
purl	pkg:deb/debian/firefox@46.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@46.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox-esr@45.1.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@45.1.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@45.1.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

url	pkg:ebuild/mail-client/thunderbird@45.6.0
purl	pkg:ebuild/mail-client/thunderbird@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@45.6.0

url	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
purl	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@45.6.0

url	pkg:ebuild/www-client/firefox@45.6.0
purl	pkg:ebuild/www-client/firefox@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@45.6.0

url	pkg:ebuild/www-client/firefox-bin@45.6.0
purl	pkg:ebuild/www-client/firefox-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@45.6.0

url	pkg:mozilla/Firefox@46.0.0
purl	pkg:mozilla/Firefox@46.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@46.0.0

url	pkg:mozilla/Firefox%20ESR@38.8.0
purl	pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0

url	pkg:mozilla/Firefox%20ESR@45.1.0
purl	pkg:mozilla/Firefox%20ESR@45.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.1.0

Affected_packages

url pkg:rpm/redhat/firefox@45.1.0-1?arch=el5_11

purl pkg:rpm/redhat/firefox@45.1.0-1?arch=el5_11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3pw8-7ptd-yuhp

vulnerability	VCID-45ft-s6nr-7bae

vulnerability	VCID-7cus-qpkt-gba1

vulnerability	VCID-d13e-63ax-h3af

vulnerability	VCID-epja-nwqw-wqh5

vulnerability	VCID-qs8v-4jk1-v7ee

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.1.0-1%3Farch=el5_11

url pkg:rpm/redhat/firefox@45.1.0-1?arch=el6_7

purl pkg:rpm/redhat/firefox@45.1.0-1?arch=el6_7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3pw8-7ptd-yuhp

vulnerability	VCID-45ft-s6nr-7bae

vulnerability	VCID-7cus-qpkt-gba1

vulnerability	VCID-d13e-63ax-h3af

vulnerability	VCID-epja-nwqw-wqh5

vulnerability	VCID-qs8v-4jk1-v7ee

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.1.0-1%3Farch=el6_7

url pkg:rpm/redhat/firefox@45.1.0-1?arch=el7_2

purl pkg:rpm/redhat/firefox@45.1.0-1?arch=el7_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3pw8-7ptd-yuhp

vulnerability	VCID-45ft-s6nr-7bae

vulnerability	VCID-7cus-qpkt-gba1

vulnerability	VCID-d13e-63ax-h3af

vulnerability	VCID-epja-nwqw-wqh5

vulnerability	VCID-qs8v-4jk1-v7ee

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.1.0-1%3Farch=el7_2

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2814.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2814.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2814

reference_id

reference_type

scores

value	0.02136
scoring_system	epss
scoring_elements	0.84472
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2814

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:C

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1330280
reference_id	1330280
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1330280

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814
reference_id	CVE-2016-2814
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-44

reference_id

mfsa2016-44

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-44

reference_url	https://access.redhat.com/errata/RHSA-2016:0695
reference_id	RHSA-2016:0695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0695

reference_url	https://usn.ubuntu.com/2936-1/
reference_id	USN-2936-1
reference_type
scores
url	https://usn.ubuntu.com/2936-1/

Weaknesses

Exploits

Severity_range_score 5.4 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45ft-s6nr-7bae

Vulnerability Instance