1. Home
  2. Vulnerabilities
  3. CVE-2014-1528

CVE-2014-1528

CVSS v2.0 10 (High)
100% Progress
EPSS 2.06 % (89th)
2.06% Progress
Affected Products 8
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

Weaknesses
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2014-04-30 10:49:04
(10 years ago)
Updated Date
2018-10-30 16:27:37
(5 years ago)

Affected Products

Canonical

Fedoraproject

Microsoft

Mozilla

Opensuse

Opensuse Project

Oracle

Configuration #1

AND
    CPE23 From Up To
OR  
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts
OR  
  Running on/with
  Canonical Ubuntu Linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10
OR  
  Running on/with
  Canonical Ubuntu Linux 13.10 cpe:2.3:o:canonical:ubuntu_linux:13.10
OR  
  Running on/with
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts

Configuration #2

AND
    CPE23 From Up To
OR  
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1
OR  
  Running on/with
  Opensuse Project Opensuse 12.3 cpe:2.3:o:opensuse_project:opensuse:12.3

Configuration #3

AND
    CPE23 From Up To
OR  
  Oracle Solaris 11.3 cpe:2.3:o:oracle:solaris:11.3

Configuration #4

AND
    CPE23 From Up To
OR  
  Mozilla Firefox 28.0 cpe:2.3:a:mozilla:firefox:28.0
OR  
  Running on/with
  Mozilla Seamonkey 2.25 cpe:2.3:a:mozilla:seamonkey:2.25:-
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows

Configuration #5

AND
    CPE23 From Up To
OR  
  Fedoraproject Fedora 19 cpe:2.3:o:fedoraproject:fedora:19