10

CVE-2014-1528

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

Data is provided by the National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
CanonicalUbuntu Linux Version14.04 SwEditionlts
OpensuseOpensuse Version13.1
Opensuse ProjectOpensuse Version12.3
OracleSolaris Version11.3
MozillaFirefox Version28.0
   MicrosoftWindows
MozillaSeamonkey Version2.25 Update-
   MicrosoftWindows
FedoraprojectFedora Version19
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.12% 0.762
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1030163
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030164
Third Party Advisory
VDB Entry