Lucene search

[email protected]NVD:CVE-2014-1523

HistoryApr 30, 2014 - 10:49 a.m.

CVE-2014-1523

2014-04-3010:49:04

CWE-787

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

Affected configurations

NVD

Node

mozillafirefoxRange<29.0

mozillafirefox_esrRange24.0–24.5

mozillaseamonkeyRange<2.26

mozillathunderbirdRange<24.5

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

canonicalubuntu_linuxMatch14.04esm

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.5

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_eusMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

susesuse_linux_enterprise_serverMatch10sp4ltss

susesuse_linux_enterprise_serverMatch11sp1ltss

References

lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html

lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html

lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html

lists.opensuse.org/opensuse-updates/2014-05/msg00010.html

lists.opensuse.org/opensuse-updates/2014-05/msg00013.html

lists.opensuse.org/opensuse-updates/2014-05/msg00033.html

lists.opensuse.org/opensuse-updates/2014-05/msg00040.html

rhn.redhat.com/errata/RHSA-2014-0448.html

rhn.redhat.com/errata/RHSA-2014-0449.html

www.debian.org/security/2014/dsa-2918

www.debian.org/security/2014/dsa-2924

www.mozilla.org/security/announce/2014/mfsa2014-37.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/67129

www.securitytracker.com/id/1030163

www.securitytracker.com/id/1030164

www.securitytracker.com/id/1030165

www.ubuntu.com/usn/USN-2185-1

www.ubuntu.com/usn/USN-2189-1

bugzilla.mozilla.org/show_bug.cgi?id=969226

security.gentoo.org/glsa/201504-01

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for NVD:CVE-2014-1523

ubuntucve1 cvelist1 openvas43 cve1 mozilla1 prion1 veracode5 ubuntu2 nessus34 debian2 osv2 centos2 redhat2 oraclelinux2 mageia2 suse6 ibm2 freebsd1 securityvulns1 gentoo1