CVE-2014-1557

Sažetak

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.

Reference

http://linux.oracle.com/errata/ELSA-2014-0918.html
http://secunia.com/advisories/59591
http://secunia.com/advisories/59719
http://secunia.com/advisories/59760
http://secunia.com/advisories/60083
http://secunia.com/advisories/60306
http://secunia.com/advisories/60486
http://secunia.com/advisories/60621
http://secunia.com/advisories/60628
http://www.debian.org/security/2014/dsa-2986
http://www.debian.org/security/2014/dsa-2996
http://www.mozilla.org/security/announce/2014/mfsa2014-64.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/68824
http://www.securitytracker.com/id/1030619
http://www.securitytracker.com/id/1030620
https://bugzilla.mozilla.org/show_bug.cgi?id=913805
https://security.gentoo.org/glsa/201504-01

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-01-2017 - 02:59

Objavljeno

23-07-2014 - 11:12