Mozilla Firefox Uninitialized memory use during bitmap rendering

2015.01.15
Credit: Michal Zalewski
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2014-8637
CWE: N/A


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Description Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a <canvas> element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to web content. References Apparent use of uninitialized memory when rendering BMPs on <canvas> (CVE-2014-8637)

References:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-02/


See this note in RAW Version
Vote for this issue:
50%
50%

Comment it here.
Copyright 2025, cxsecurity.com

 

Back to Top