Description Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Exploitability: 3.9 | Impact: 3.6 Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages3 packages
🔴 Vulnerability Details4 VulDB Mozilla Firefox up to 148 Graphics integer overflow (Nessus ID 303906 / WID-SEC-2026-0850) ↗ 2026-04-16 ▶ GHSA GHSA-pm4j-pmqr-8gq4: Incorrect boundary conditions, integer overflow in the Graphics component ↗ 2026-03-24 ▶ CVEList Incorrect boundary conditions, integer overflow in the Graphics component ↗ 2026-03-24 ▶ OSV CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component ↗ 2026-03-24 ▶
📋 Vendor Advisories7 Red Hat firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component ↗ 2026-03-24 ▶ Debian CVE-2026-4694: firefox - Incorrect boundary conditions, integer overflow in the Graphics component. This ... ↗ 2026 ▶ Mozilla Mozilla Foundation Security Advisory 2026-24: CVE-2026-4694 ↗ ▶ Mozilla Mozilla Foundation Security Advisory 2026-21: CVE-2026-4694 ↗ ▶ Mozilla Mozilla Foundation Security Advisory 2026-23: CVE-2026-4694 ↗ ▶ Show 2 more
🕵️ Threat Intelligence1 Wiz CVE-2026-4694 Impact, Exploitability, and Mitigation Steps | Wiz ↗ ▶
💬 Community1 Bugzilla CVE-2026-4694 firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component ↗ 2026-03-24 ▶