CVE-2014-1549

2014-07-2200:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.044

Percentile

92.5%

JSON

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function
in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not
properly allocate Web Audio buffer memory, which allows remote attackers to
execute arbitrary code or cause a denial of service (buffer overflow and
application crash) via crafted audio content that is improperly handled
during playback buffering.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 31.0+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchfirefox< 31.0+build1-0ubuntu0.14.04.1UNKNOWN
ubuntu12.04noarchthunderbird< 1:31.0+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchthunderbird< 1:31.0+build1-0ubuntu0.14.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 31.0+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	firefox	< 31.0+build1-0ubuntu0.14.04.1	UNKNOWN
ubuntu	12.04	noarch	thunderbird	< 1:31.0+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	thunderbird	< 1:31.0+build1-0ubuntu0.14.04.1	UNKNOWN