VulnerableCode Package Details - pkg:deb/ubuntu/nspr@2:4.10.10-0ubuntu0.14.04.1

Search for packages

Package details: pkg:deb/ubuntu/nspr@2:4.10.10-0ubuntu0.14.04.1

Essentials
History (0)

purl	pkg:deb/ubuntu/nspr@2:4.10.10-0ubuntu0.14.04.1

Next non-vulnerable version	2:4.12-0ubuntu0.14.04.1
Latest non-vulnerable version	2:4.12-0ubuntu0.16.04.1
Risk	3.9

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-8z64-29q3-aaac Aliases: CVE-2016-1951	Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.	2:4.12-0ubuntu0.14.04.1 Affected by 0 other vulnerabilities. 2:4.12-0ubuntu0.16.04.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8z64-29q3-aaac
Aliases:
CVE-2016-1951

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.

2:4.12-0ubuntu0.14.04.1
Affected by 0 other vulnerabilities.

2:4.12-0ubuntu0.16.04.1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-hgt2-fb1s-aaae	Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.	CVE-2015-7183

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version