CVE-2014-1528

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html	Third Party Advisory
http://secunia.com/advisories/59866	Permissions Required
http://www.mozilla.org/security/announce/2014/mfsa2014-41.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.securitytracker.com/id/1030163	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030164	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2185-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=963962	Issue Tracking
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html	Third Party Advisory
http://secunia.com/advisories/59866	Permissions Required
http://www.mozilla.org/security/announce/2014/mfsa2014-41.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.securitytracker.com/id/1030163	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030164	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2185-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=963962	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse_project:opensuse:12.3:::::::*

Configuration 3 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:mozilla:firefox:28.0:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.25:-::::::

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html - Third Party Advisory~~	() http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html - Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html - Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html - Third Party Advisory
References	~~() http://secunia.com/advisories/59866 - Permissions Required~~	() http://secunia.com/advisories/59866 - Permissions Required
References	~~() http://www.mozilla.org/security/announce/2014/mfsa2014-41.html - Vendor Advisory~~	() http://www.mozilla.org/security/announce/2014/mfsa2014-41.html - Vendor Advisory
References	~~() http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory~~	() http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory
References	~~() http://www.securitytracker.com/id/1030163 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1030163 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1030164 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1030164 - Third Party Advisory, VDB Entry
References	~~() http://www.ubuntu.com/usn/USN-2185-1 - Third Party Advisory~~	() http://www.ubuntu.com/usn/USN-2185-1 - Third Party Advisory
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=963962 - Issue Tracking~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=963962 - Issue Tracking

Information

Published : 2014-04-30 10:49

Updated : 2025-04-12 10:46

NVD link : CVE-2014-1528

Mitre link : CVE-2014-1528

CVE.ORG link : CVE-2014-1528

JSON object : View

Products Affected

opensuse

opensuse

oracle

solaris

canonical

ubuntu_linux

mozilla

seamonkey
firefox

microsoft

windows

opensuse_project

opensuse

fedoraproject

fedora

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2014-1528", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-30T10:49:04.943", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://secunia.com/advisories/59866", "tags": ["Permissions Required"], "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1030163", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1030164", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2185-1", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963962", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/59866", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1030163", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1030164", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2185-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=963962", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element."}, {"lang": "es", "value": "La funci\u00f3n sse2_composite_src_x888_8888 en Pixman, utilizad o en Cairo en Mozilla Firefox 28.0 y SeaMonkey 2.25 en Windows, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda de aplicaci\u00f3n) mediante la representaci\u00f3n gr\u00e1fica sobre un elemento CANVAS."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B91DE6A-D759-4B2C-982B-AF036B43798D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:28.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DE18C00-F43A-4CE4-84E1-FECE9D893CFD"}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:2.25:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "681E731B-746B-4691-AB95-C9957E6F0B32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}

10.0 /10