CVE-2014-1509

Sažetak

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.

Reference

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
http://rhn.redhat.com/errata/RHSA-2014-0310.html
http://rhn.redhat.com/errata/RHSA-2014-0316.html
http://www.mozilla.org/security/announce/2014/mfsa2014-27.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/66425
http://www.ubuntu.com/usn/USN-2151-1
https://bugzilla.mozilla.org/show_bug.cgi?id=966021
https://security.gentoo.org/glsa/201504-01

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-08-2020 - 16:08

Objavljeno

19-03-2014 - 10:55