CVE-2014-1528 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

10.0CRITICALNVD

EPSS

1.3%

top 20.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Fedoraproject Fedora +4 more

Timeline

PublishedApr 30

Latest updateMay 14

Description

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶Ubuntumozilla/firefox< 29.0+build1-0ubuntu0.14.04.2

▶NVDmozilla/firefox28.0

▶NVDmozilla/seamonkey2.25

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse13.1

Also affects: Fedora 19, Ubuntu Linux 12.04, 12.10, 13.10, 14.04

🔴Vulnerability Details

GHSA

GHSA-f2rm-8cg8-377q: The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28↗2022-05-14

▶

CVEList

CVE-2014-1528: The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28↗2014-04-30

▶

OSV

CVE-2014-1528: The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28↗2014-04-29

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2014-04-29

▶

Red Hat

Mozilla: Out-of-bounds write in Cairo (MFSA 2014-41)↗2014-04-29

▶

💬Community

Bugzilla

CVE-2014-1528 Mozilla: Out-of-bounds write in Cairo (MFSA 2014-41)↗2014-05-12

▶