CVSS2: 10 High

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.174 Low
Percentile: 96.0%

Security researcher Arthur Gerkis used the Address Sanitizer tool to find two issues involving Scalable Vector Graphics (SVG) files. The first issue is a buffer overflow in Gecko’s SVG filter code when the sum of two values is too large to be stored as a signed 32-bit integer, causing the function to write past the end of an array. The second issue is a use-after-free when an element with a “requiredFeatures” attribute is moved between documents. In that situation, the internal representation of the “requiredFeatures” value could be freed prematurely. Both issues are potentially exploitable.
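
The first issue belongs to a general class: a bounds check that adds two signed 32-bit values before comparing them against the array size. The following added example is not Gecko's code and is not taken from the advisory; it shows that pattern next to an overflow-safe form, and all function names and values in it are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Models what a wrapping 32-bit signed add yields; done in unsigned
 * arithmetic so this demo itself has no undefined behaviour. */
static int32_t wrapping_add_i32(int32_t a, int32_t b) {
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Flawed check: the sum can wrap negative and pass the comparison. */
bool naive_range_ok(int32_t offset, int32_t length, int32_t capacity) {
    return wrapping_add_i32(offset, length) <= capacity;
}

/* Hardened check: never forms offset + length, so nothing can wrap. */
bool checked_range_ok(int32_t offset, int32_t length, int32_t capacity) {
    if (offset < 0 || length < 0 || capacity < 0) return false;
    if (offset > capacity) return false;
    return length <= capacity - offset;
}

/* Writes only after the hardened check; returns bytes written or -1. */
int32_t fill_region(uint8_t *buf, int32_t capacity, int32_t offset,
                    int32_t length, uint8_t value) {
    if (!checked_range_ok(offset, length, capacity)) return -1;
    memset(buf + offset, value, (size_t)length);
    return length;
}

int main(void) {
    uint8_t buf[64] = {0};
    int32_t off = 2147483000, len = 1000; /* constructed values */
    printf("naive accepts:   %d\n", naive_range_ok(off, len, 64));
    printf("checked accepts: %d\n", checked_range_ok(off, len, 64));
    printf("fill result:     %d\n", fill_region(buf, 64, off, len, 0xff));
    printf("in-range fill:   %d\n", fill_region(buf, 64, 16, 48, 0xff));
    return 0;
}
```

Building with `-fsanitize=address`, the tool named in the advisory, reports an out-of-bounds write at the faulting store if a flawed check of this kind lets one through.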

CPE

Name | Operator | Version
---|---|---
firefox | lt | 15
firefox esr | lt | 10.0.7
seamonkey | lt | 2.12
thunderbird | lt | 15
thunderbird esr | lt | 10.0.7