Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1564: Access of Uninitialized Pointer in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD)
EPSS: 14.3% (top 5.59%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Sep 3; latest update May 14

Description

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (6 packages)

Ubuntu: mozilla/firefox < 32.0+build1-0ubuntu0.14.04.1
NVD: mozilla/firefox 31.1.0 +2
Ubuntu: mozilla/thunderbird < 1:31.1.1+build1-0ubuntu0.14.04.1
NVD: opensuse/opensuse 12.3, 13.1 +1

🔴 Vulnerability Details (3)

GHSA
GHSA-cmpx-j54c-xj6j: Mozilla Firefox before 32 (2022-05-14)
CVEList
CVE-2014-1564: Mozilla Firefox before 32 (2014-09-03)
OSV
CVE-2014-1564: Mozilla Firefox before 32 (2014-09-02)

💥 Exploits & PoCs (1)

Exploit-DB
Mozilla Firefox 9.0.1 / Thunderbird 3.1.20 - Information Disclosure (2014-09-02)

📋 Vendor Advisories (3)

Ubuntu
Thunderbird vulnerabilities (2014-09-11)
Red Hat
Mozilla: Uninitialized memory use during GIF rendering (MFSA 2014-69) (2014-09-03)
Ubuntu
Firefox vulnerabilities (2014-09-02)

💬 Community (1)

Bugzilla
CVE-2014-1564 Mozilla: Uninitialized memory use during GIF rendering (MFSA 2014-69) (2014-09-01)