CVE-2014-1557 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2014-1557?

CVE-2014-1557 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1557?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris, Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird, Debian Debian Linux.

Vulnerability Description

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Oracle	Solaris	11.3
Mozilla	Firefox	<= 30.0
Mozilla	Firefox Esr	24.2
Mozilla	Thunderbird	<= 24.6
Debian	Debian Linux	6.0

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2014-1557?

CVE-2014-1557 is a vulnerability with a CVSS score of 9.3 (HIGH). The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data duri...

How severe is CVE-2014-1557?

CVE-2014-1557 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1557?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris, Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird, Debian Debian Linux.