CVE-2014-1578

Description

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.

How to fix CVE-2014-1578

To remediate CVE-2014-1578, upgrade the affected package to a fixed version below.

• Debian/libvpx—upgrade to 1.3.0-3 or later

Is CVE-2014-1578 being exploited?

Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.3.0-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-1578