Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox prior to 20.0, Firefox ESR 17.x prior to 17.0.5, Thunderbird prior to 17.0.5, Thunderbird ESR 17.x prior to 17.0.5, SeaMonkey prior to 2.17, and other products, allows remote malicious users to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla firefox esr |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
mozilla thunderbird esr |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 12.10 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.1 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 12.3 |
||
suse linux enterprise desktop 10 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 10 |
||
suse linux enterprise server 11 |
||
suse linux enterprise software development kit 10 |
||
suse linux enterprise software development kit 11 |