PT-2014-1462 · Mozilla+3 · Firefox+3

Holger Fuhrmannek

Publicado

2014-06-10

Atualizado

2024-12-12

CVE-2014-1542

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 30.0

Description The issue is related to a buffer overflow in the Speex resampler in the Web Audio subsystem, allowing remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. This can be achieved by using specially formed AudioBuffer channel count and sample rate.

Recommendations For versions prior to 30.0, update to version 30.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Web Audio subsystem until a patch is available. Avoid using crafted AudioBuffer channel counts and sample rates in the affected subsystem to minimize the risk of exploitation.

Exploit

Correção

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2014-1978

BDU:2015-00427

BDU:2015-00682

CVE-2014-1542

MGASA-2014-0419

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

USN-2243-1

Produtos afetados

Alt Linux

Firefox

Suse

Ubuntu

PT-2014-1462 · Mozilla+3 · Firefox+3

CVE-2014-1542

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3134