vulnerability
FreeBSD: brotli -- buffer overflow (Multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Feb 13, 2016 | Mar 10, 2016 | Jul 28, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 13, 2016
Added
Mar 10, 2016
Modified
Jul 28, 2025
Description
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Solutions
freebsd-upgrade-package-brotlifreebsd-upgrade-package-chromiumfreebsd-upgrade-package-firefoxfreebsd-upgrade-package-firefox-esrfreebsd-upgrade-package-libbrotlifreebsd-upgrade-package-libxulfreebsd-upgrade-package-seamonkey
References
- CVE-2016-1624
- https://attackerkb.com/topics/CVE-2016-1624
- CVE-2016-1968
- https://attackerkb.com/topics/CVE-2016-1968
- DEBIAN-DSA-3486
- URL-https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
- URL-https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
- URL-https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
- URL-https://www.mozilla.org/security/advisories/mfsa2016-30/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.