Buffer Over-read and Application Crash in Mozilla Firefox's QCMS Library

Buffer Over-read and Application Crash in Mozilla Firefox's QCMS Library

CVE-2015-4504 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.