Search for vulnerabilities
| Vulnerability ID | VCID-q4q3-5jqa-y7ew |
| Aliases |
CVE-2015-4486
|
| Summary | Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 9.0 |
| Risk | 4.5 |
| Affected and Fixed Packages | Package Details |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4486.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2015-4486 | ||
| 1252292 | https://bugzilla.redhat.com/show_bug.cgi?id=1252292 | |
| CVE-2015-4486 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486 | |
| mfsa2015-89 | https://www.mozilla.org/en-US/security/advisories/mfsa2015-89 | |
| RHSA-2015:1586 | https://access.redhat.com/errata/RHSA-2015:1586 | |
| USN-2702-1 | https://usn.ubuntu.com/2702-1/ |
| Percentile | 0.8373 |
| EPSS Score | 0.02192 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:57.172449+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-89.md | 37.0.0 |