Vulnerability Details : CVE-2014-1557
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2014-1557
Probability of exploitation activity in the next 30 days: 1.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1557
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2014-1557
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1557
-
http://www.mozilla.org/security/announce/2014/mfsa2014-64.html
Crash in Skia library when scaling high quality images — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=913805
913805 - (CVE-2014-1557) Crash in [@ skia::`anonymous namespace''::ConvolveHorizontally<int>(unsigned char const*, skia::ConvolutionFilter1D const&, unsigned char*) ]Issue Tracking
-
http://www.debian.org/security/2014/dsa-2986
Debian -- Security Information -- DSA-2986-1 iceweaselThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016Third Party Advisory
-
http://www.debian.org/security/2014/dsa-2996
Debian -- Security Information -- DSA-2996-1 icedoveThird Party Advisory
-
http://secunia.com/advisories/59591
Sign in
- http://secunia.com/advisories/59760
-
http://www.securitytracker.com/id/1030619
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Spoof User Interface Elements - SecurityTracker
-
http://linux.oracle.com/errata/ELSA-2014-0918.html
linux.oracle.com | ELSA-2014-0918
-
http://www.securityfocus.com/bid/68824
Mozilla Firefox/Thunderbird CVE-2014-1557 Remote Code Execution Vulnerability
-
http://secunia.com/advisories/60306
Sign in
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://secunia.com/advisories/59719
Sign in
-
http://secunia.com/advisories/60486
Sign in
-
http://www.securitytracker.com/id/1030620
Mozilla Thunderbird Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker
-
http://secunia.com/advisories/60628
Sign in
-
http://secunia.com/advisories/60621
Sign in
-
http://secunia.com/advisories/60083
Sign in
Products affected by CVE-2014-1557
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*