LAYER: meta-oe PACKAGE NAME: nspr PACKAGE VERSION: 4.35 CVE: CVE-2013-5607 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5607 LAYER: meta-oe PACKAGE NAME: nspr PACKAGE VERSION: 4.35 CVE: CVE-2014-1545 CVE STATUS: Patched CVE SUMMARY: Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1545 LAYER: meta-oe PACKAGE NAME: nspr PACKAGE VERSION: 4.35 CVE: CVE-2016-1951 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1951