Vulnerability DatabaseCVE-2014-1482
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-1482
February 06, 2014
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
Related ResourcesĀ (35)
https://bugzilla.mozilla.org/show_bug.cgi?id=943803
http://www.ubuntu.com/usn/USN-2102-1
http://secunia.com/advisories/56888
http://osvdb.org/102868
http://www.securitytracker.com/id/1029720
http://secunia.com/advisories/56767
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1482
http://download.novell.com/Download?buildid=Y2fux-JW1Qc
http://secunia.com/advisories/56763
http://rhn.redhat.com/errata/RHSA-2014-0133.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://download.novell.com/Download?buildid=VYQsgaFpQ2k
http://secunia.com/advisories/56706
http://secunia.com/advisories/56761
http://rhn.redhat.com/errata/RHSA-2014-0132.html
http://www.securityfocus.com/bid/65328
http://www.debian.org/security/2014/dsa-2858
http://www.ubuntu.com/usn/USN-2102-2
http://www.mozilla.org/security/announce/2014/mfsa2014-04.html
http://www.securitytracker.com/id/1029717
http://secunia.com/advisories/56787
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
http://secunia.com/advisories/56922
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
https://8pecxstudios.com/?page_id=44080
http://www.securitytracker.com/id/1029721
https://exchange.xforce.ibmcloud.com/vulnerabilities/90894
http://secunia.com/advisories/56858
https://access.redhat.com/security/cve/CVE-2014-1482
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
http://www.ubuntu.com/usn/USN-2119-1
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
9.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Out-of-bounds Write
CWE-787
EPSS
Base Score:
2.74