CVE-2013-0772

CWE-119Buffer OverflowCWE-125Out-of-bounds Read20 documents6 sources
Severity
5.8MEDIUM
EPSS
1.3%
top 20.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Mozilla FirefoxMozilla SeamonkeyCanonical Ubuntu Linux+6 more
Timeline
PublishedFeb 19
Latest updateMay 13

Description

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

CVSS vector

AV:N/AC:M/C:P/I:N/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages6 packages

NVDmozilla/firefox< 19.0
NVDmozilla/seamonkey< 2.16
NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 5.9, 6.3

Patches

Patch: www.mozilla.orgPatch: bugzilla.mozilla.orgPatch: www.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-cmfr-58hp-ff9g: The RasterImage::DrawFrameTo function in Mozilla Firefox before 192022-05-13
CVEList
CVE-2013-0772: The RasterImage::DrawFrameTo function in Mozilla Firefox before 192013-02-19

📋Vendor Advisories

3
Red Hat
mysql: unspecified DoS related to Server Options (CPU July 2013)2013-07-17
Ubuntu
Firefox vulnerabilities2013-02-20
Red Hat
Mozilla: Out-of-bounds read in image rendering (MFSA 2013-22)2013-02-19

💬Community

14
Bugzilla
CVE-2013-2375 mysql: unspecified vulnerability related to Server Privileges (CPU April 2013)2013-04-16
Bugzilla
CVE-2013-1548 mysql: unspecified DoS related to Server Types (CPU April 2013)2013-04-16
Bugzilla
CVE-2013-2378 mysql: unspecified vulnerability related to Information Schema (CPU April 2013)2013-04-16
Bugzilla
CVE-2013-1555 mysql: unspecified DoS related to Server Partition (CPU April 2013)2013-04-16
Bugzilla
CVE-2013-1531 mysql: unspecified vulnerability related to Server Privileges (CPU April 2013)2013-04-16
CVE-2013-0772 (MEDIUM CVSS 5.8) | The RasterImage::DrawFrameTo functi | cvebase.io