← Back

CVE-2014-1528

nvd nist
Published: Apr 30, 2014Modified: May 6, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

Affected (10)

Show all products
Canonical: Ubuntu Linux · Opensuse: Opensuse · Opensuse Project: Opensuse · Oracle: Solaris · Mozilla: Firefox, Seamonkey · Fedoraproject: Fedora
Canonical
1 product
Ubuntu Linux
Opensuse
1 product
Opensuse
Opensuse Project
1 product
Opensuse
Oracle
1 product
Solaris
Mozilla
2 products
Firefox
Seamonkey
Fedoraproject
1 product
Fedora
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 12.10
Ubuntu Linux
Version 13.10
Ubuntu Linux
Version 14.04
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Version 13.1
Opensuse
Version 12.3
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Solaris
Version 11.3
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Firefox
Version 28.0
Seamonkey
Version 2.25
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 19

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Permissions Required
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking

Timeline

No history available yet.