CVE-2016-1956

Description

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

References

Link	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1199923
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html	vendor advisory
http://www.ubuntu.com/usn/USN-2917-1	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html	vendor advisory
http://www.mozilla.org/security/announce/2016/mfsa2016-19.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	vendor advisory
http://www.securitytracker.com/id/1035215	vdb entry
https://security.gentoo.org/glsa/201605-06	vendor advisory
http://www.ubuntu.com/usn/USN-2917-2	vendor advisory
http://www.ubuntu.com/usn/USN-2917-3	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2016-1956?: CVE-2016-1956 has been scored as a medium severity vulnerability.
How to fix CVE-2016-1956?: To fix CVE-2016-1956, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-1956 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2016-1956 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-399 – Resource Management Errors

References

Frequently Asked Questions