CVE-2014-1557

N/A Unknown

Published: July 23, 2014 Modified: November 25, 2025

Description

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://linux.oracle.com/errata/ELSA-2014-0918.html

Source: security@mozilla.org

http://secunia.com/advisories/59591

Source: security@mozilla.org

http://secunia.com/advisories/59719

Source: security@mozilla.org

http://secunia.com/advisories/59760

Source: security@mozilla.org

http://secunia.com/advisories/60083

Source: security@mozilla.org

http://secunia.com/advisories/60306

Source: security@mozilla.org

http://secunia.com/advisories/60486

Source: security@mozilla.org

http://secunia.com/advisories/60621

Source: security@mozilla.org

http://secunia.com/advisories/60628

Source: security@mozilla.org

http://www.debian.org/security/2014/dsa-2986

Source: security@mozilla.org

Third Party Advisory

http://www.debian.org/security/2014/dsa-2996

Source: security@mozilla.org

Third Party Advisory

http://www.mozilla.org/security/announce/2014/mfsa2014-64.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/68824

Source: security@mozilla.org

http://www.securitytracker.com/id/1030619

Source: security@mozilla.org

http://www.securitytracker.com/id/1030620

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=913805

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

http://linux.oracle.com/errata/ELSA-2014-0918.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59591

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59719

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59760

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60083

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60306

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60486

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60621

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60628

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2986

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2014/dsa-2996

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mozilla.org/security/announce/2014/mfsa2014-64.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/68824

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030619

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030620

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=913805

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://security.gentoo.org/glsa/201504-01

Source: af854a3a-2127-422b-91ae-364da2661108

36 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.9%

86th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-94

Affected Vendors

mozilla debian oracle

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3