CVE-2014-1523

Publication date 29 April 2014

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

Status

Package Ubuntu Release Status
firefox 14.04 LTS trusty
Fixed 29.0+build1-0ubuntu0.14.04.2
13.10 saucy
Fixed 29.0+build1-0ubuntu0.13.10.3
12.10 quantal
Fixed 29.0+build1-0ubuntu0.12.10.3
12.04 LTS precise
Fixed 29.0+build1-0ubuntu0.12.04.2
10.04 LTS lucid Ignored end of life
thunderbird 14.04 LTS trusty
Fixed 1:24.5.0+build1-0ubuntu0.14.04.1
13.10 saucy
Fixed 1:24.5.0+build1-0ubuntu0.13.10.1
12.10 quantal
Fixed 1:24.5.0+build1-0ubuntu0.12.10.1
12.04 LTS precise
Fixed 1:24.5.0+build1-0ubuntu0.12.04.1
10.04 LTS lucid Ignored end of life

Severity score breakdown

Parameter Value
Base score 6.5 · Medium
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-2185-1
    • Firefox vulnerabilities
    • 29 April 2014
    • USN-2189-1
    • Thunderbird vulnerabilities
    • 30 April 2014

Other references