fkie_cve-2014-1557
Vulnerability from fkie_nvd
Published
2014-07-23 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
References
security@mozilla.orghttp://linux.oracle.com/errata/ELSA-2014-0918.html
security@mozilla.orghttp://secunia.com/advisories/59591
security@mozilla.orghttp://secunia.com/advisories/59719
security@mozilla.orghttp://secunia.com/advisories/59760
security@mozilla.orghttp://secunia.com/advisories/60083
security@mozilla.orghttp://secunia.com/advisories/60306
security@mozilla.orghttp://secunia.com/advisories/60486
security@mozilla.orghttp://secunia.com/advisories/60621
security@mozilla.orghttp://secunia.com/advisories/60628
security@mozilla.orghttp://www.debian.org/security/2014/dsa-2986Third Party Advisory
security@mozilla.orghttp://www.debian.org/security/2014/dsa-2996Third Party Advisory
security@mozilla.orghttp://www.mozilla.org/security/announce/2014/mfsa2014-64.htmlVendor Advisory
security@mozilla.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
security@mozilla.orghttp://www.securityfocus.com/bid/68824
security@mozilla.orghttp://www.securitytracker.com/id/1030619
security@mozilla.orghttp://www.securitytracker.com/id/1030620
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=913805Issue Tracking
security@mozilla.orghttps://security.gentoo.org/glsa/201504-01
af854a3a-2127-422b-91ae-364da2661108http://linux.oracle.com/errata/ELSA-2014-0918.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59591
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59719
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59760
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60083
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60306
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60486
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60621
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60628
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2986Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2996Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2014/mfsa2014-64.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/68824
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030619
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030620
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=913805Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201504-01
Impacted products
Vendor Product Version
oracle solaris 11.3
mozilla firefox *
mozilla firefox 24.0
mozilla firefox 24.1.0
mozilla firefox 24.1.1
mozilla firefox_esr 24.0.1
mozilla firefox_esr 24.0.2
mozilla firefox_esr 24.2
mozilla firefox_esr 24.3
mozilla firefox_esr 24.4
mozilla firefox_esr 24.5
mozilla firefox_esr 24.6
mozilla thunderbird *
mozilla thunderbird 24.0
mozilla thunderbird 24.0.1
mozilla thunderbird 24.1
mozilla thunderbird 24.1.1
mozilla thunderbird 24.2
mozilla thunderbird 24.3
mozilla thunderbird 24.4
mozilla thunderbird 24.5
debian debian_linux 6.0
debian debian_linux 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD70C79-7EA7-49CB-B3D6-6C77E0C55BB4",
              "versionEndIncluding": "30.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E772D1-DD0F-4F04-8BB4-9550F3C601E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "050A0328-B07A-4CC7-B42E-A034F3140032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "732CC40B-BCBA-436B-956F-52BE28D9B79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4DE4CBB-6604-4AF2-B499-06BCD9E213C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70ECF11D-B5D0-4EBA-9E1F-0978AF7C7818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237D8D8-5656-4537-AD08-30CB8B4DAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04B61AC7-E951-407F-A62E-490F9FEDE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F70319-C8E4-4F54-9449-B0C3A59BF7C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CAD5F3B-54D7-425B-89D2-A3A86DE31BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D4B068-3456-4748-94BE-ACBA6A026570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0B063ED-8BD8-4E14-8990-D23CCB0A20BB",
              "versionEndIncluding": "24.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCAFDF1-10BB-4AB0-9C9D-E99DDBA901BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EE89B8-705F-4A05-9015-3D6E81D394E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30AE3D4-6A3E-435E-BDBF-1A9A17297433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C705A0-62C0-485A-A077-C7DD426F80B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C802A7-E4D5-4D2D-9CE8-749A75DF7461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8A57FA-AC27-4288-8E42-97DECF3B993C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D474B11-98D0-41A3-A98B-CFB6955264AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD940E-9EF0-460B-A721-E70C719F2244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ConvolveHorizontally en Skia, utilizado en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7, no maneja debidamente el descarte de datos de im\u00e1genes durante la ejecuci\u00f3n de la funci\u00f3n, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la provocaci\u00f3n del escalado prolongado de im\u00e1genes, tal y como fue demostrado mediante el escalado de un imagen de alta calidad."
    }
  ],
  "id": "CVE-2014-1557",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-23T11:12:43.217",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0918.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59591"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59719"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59760"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/60083"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/60306"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/60486"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/60621"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/60628"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2986"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2996"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-64.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/68824"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1030619"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1030620"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=913805"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0918.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-64.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=913805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.