Abhishek Arya discovered that NSPR incorrectly handled certain console functions. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libnspr4", "binary_version": "2:4.10.2-1ubuntu1.1" }, { "binary_name": "libnspr4-0d", "binary_version": "2:4.10.2-1ubuntu1.1" }, { "binary_name": "libnspr4-dbg", "binary_version": "2:4.10.2-1ubuntu1.1" }, { "binary_name": "libnspr4-dev", "binary_version": "2:4.10.2-1ubuntu1.1" } ] }