PT-2014-1462 · Mozilla+3 · Firefox+3

Holger Fuhrmannek · Published 2014-06-10 · Updated 2024-12-12 · CVE-2014-1542

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 30.0

Description

The issue is a buffer overflow in the Speex resampler in the Web Audio subsystem. It allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

Recommendations

For versions prior to 30.0, update to version 30.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Web Audio subsystem until a patch is available. Avoid using crafted AudioBuffer channel counts and sample rates in the affected subsystem to minimize the risk of exploitation.

Exploit

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1978
BDU:2015-00427
BDU:2015-00682
CVE-2014-1542
MGASA-2014-0419
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
USN-2243-1

Affected Products

Alt Linux
Firefox
Suse
Ubuntu