Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-1549

Опубликовано: 22 июл. 2014
Источник: redhat
CVSS2: 5.1
EPSS Низкий

Описание

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.

Отчет

This issue does not affect the version of thunderbird as shipped with Red Hat Enterprise Linux 5 and 6, or the version of firefox as shipped with Red Hat Enterprise Linux 5, 6, and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1121470Mozilla: Buffer overflow during Web Audio buffering for playback (MFSA 2014-57)

EPSS

Процентиль: 84%
0.02172
Низкий

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-1549

ubuntu
больше 11 лет назад

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.

nvd логотип

CVE-2014-1549

nvd
больше 11 лет назад

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.

debian логотип

CVE-2014-1549

debian
больше 11 лет назад

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer fun ...

github логотип

GHSA-6mr6-ghhg-rwhx

github
больше 3 лет назад

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.

fstec логотип

BDU:2015-00713

fstec
больше 11 лет назад

Уязвимость программного обеспечения Thunderbird, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 84%
0.02172
Низкий

5.1 Medium

CVSS2