Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2014-1580

Source

Mozilla Foundation Security Advisory 2014-78

Further uninitialized memory use during GIF rendering

Announced

October 14, 2014

Reporter

Michal Zalewski

Impact

High

Products

Firefox, Firefox OS, SeaMonkey

Fixed in

Firefox 33
Firefox OS 2.2
SeaMonkey 2.30

Description

Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a <canvas> element, memory may not always be properly initialized. The resulting series of images then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.

References

Apparent use of uninitialized memory when rendering truncated GIFs to <canvas> (CVE-2014-1580)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Further uninitialized memory use during GIF rendering

Further uninitialized memory use during GIF rendering

Description

References

Vulmon Search

About

Products

Connect