{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1930?format=json","vulnerability_id":"VCID-7yr6-9vzv-g3h3","summary":"An anonymous security researcher working with Trend Micro's Zero Day Initiative\nreported a buffer overflow in the ClearKey Content Decryption Module (CDM) used by the\nEncrypted Media Extensions (EME) API. This vulnerability can be triggered using a\nmalformed video file due to incorrect error handling. This could allow arbitrary code\nexecution if combined with a second vulnerability that allows an escape from the Gecko\nMedia Plugin (GMP) sandbox. Without such a vulnerability, the buffer overflow is contained\nwithin the GMP sandbox and cannot be exploited.","aliases":[{"alias":"CVE-2016-2837"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/898?format=json","purl":"pkg:mozilla/Firefox@48.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@48.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/899?format=json","purl":"pkg:mozilla/Firefox%20ESR@45.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.3.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837","reference_id":"CVE-2016-2837","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77","reference_id":"mfsa2016-77","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7yr6-9vzv-g3h3"}