CVE-2014-1557 Information
Description
The ConvolveHorizontally function in Skia as used in Mozilla Firefox before 31.0 Firefox ESR 24.x before 24.7 and Thunderbird before 24.7 does not properly handle the discarding of image data during function execution which allows remote attackers to execute arbitrary code by triggering prolonged image scaling as demonstrated by scaling of a high-quality image.
Reference
http://linux.oracle.com/errata/ELSA-2014-0918.html http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60306 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 http://www.debian.org/security/2014/dsa-2986 http://www.debian.org/security/2014/dsa-2996 http://www.mozilla.org/security/announce/2014/mfsa2014-64.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/68824 http://www.securitytracker.com/id/1030619 http://www.securitytracker.com/id/1030620 https://bugzilla.mozilla.org/show_bug.cgi?id=913805 https://security.gentoo.org/glsa/201504-01
Share on: