CLD-423 Details
Other IDs this deficiency may be known by:
| CVE ID |
None |
| Other ID(s) |
fixed-in-60.0.2 |
Basic Information:
| Affected Package(s) |
firefox |
| Deficiency Type |
SECURITY |
| Date Created |
2018-06-06 17:03:28 |
| Date Last Modified |
2018-06-07 10:15:37 |
Version Specific Information:
| Cucumber 1.0 i686 | fixed in firefox-60.0.2esr-i686-1 |
| Cucumber 1.0 x86_64 | fixed in firefox-60.0.2esr-x86_64-1 |
| Cucumber 1.1 i686 |
fixed in firefox-60.0.2esr-i686-1 |
| Cucumber 1.1 x86_64 |
fixed in firefox-60.0.2esr-x86_64-1 |
Details:
Fixes the following vulnerability:
CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia
A heap buffer overflow can occur in the Skia library when rasterizing
paths using a maliciously crafted SVG file with anti-aliasing turned
off. This results in a potentially exploitable crash.
See https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ for full
details.