CVE-2014-1557

Severity: Unknown, EPSS: 4.94%

CVE-2014-1557 is a vulnerability of currently unknown severity. The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. EPSS estimates a 4.94% chance of exploitation in the next 30 days.

Description

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.

Metrics

EPSS Probability: 4.94% (91.0th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    Product        Versions
Oracle    Solaris        11.3
Mozilla   Firefox        <= 30.0
Mozilla   Firefox        24.0
Mozilla   Firefox        24.0.1
Mozilla   Firefox        24.0.2
Mozilla   Firefox        24.1.0
Mozilla   Firefox        24.1.1
Mozilla   Firefox ESR    24.2
Mozilla   Firefox ESR    24.3
Mozilla   Firefox ESR    24.4
Mozilla   Firefox ESR    24.5
Mozilla   Firefox ESR    24.6
Mozilla   Thunderbird    <= 24.6
Mozilla   Thunderbird    24.0
Mozilla   Thunderbird    24.0.1
Mozilla   Thunderbird    24.1
Mozilla   Thunderbird    24.1.1
Mozilla   Thunderbird    24.2
Mozilla   Thunderbird    24.3
Mozilla   Thunderbird    24.4
Mozilla   Thunderbird    24.5
Debian    Debian Linux   6.0
Debian    Debian Linux   7.0

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2014-1557?
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
How severe is CVE-2014-1557?
Severity scoring for CVE-2014-1557 is pending analysis. The EPSS model estimates a 4.94% probability of exploitation in the next 30 days.
How do I fix CVE-2014-1557?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST