CVE-2014-1542

Published: Jun 11, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

Affected (4)

Products: Opensuse: Opensuse · Opensuse Project: Opensuse · Mozilla: Firefox · +1 more

Show all products

Opensuse: Opensuse · Opensuse Project: Opensuse · Mozilla: Firefox · Oracle: Solaris

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Project Opensuse	Version 12.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 29.0.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (28)

http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html

Source: security@mozilla.org

Third Party Advisory

http://secunia.com/advisories/59052

Source: security@mozilla.org

Permissions Required

http://secunia.com/advisories/59171

Source: security@mozilla.org

Permissions Required

http://secunia.com/advisories/59387

Source: security@mozilla.org

Permissions Required

http://secunia.com/advisories/59486

Source: security@mozilla.org

http://secunia.com/advisories/59866

Source: security@mozilla.org

Permissions Required

http://www.mozilla.org/security/announce/2014/mfsa2014-53.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/67968

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030388

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2243-1

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=991533

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html