FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- Heap buffer overflow rasterizing paths in SVG with Skia

Affected packages
firefox < 60.0.2,1
waterfox < 56.2.0.13_5
firefox-esr < 52.8.1,1
linux-seamonkey < 2.49.4
seamonkey < 2.49.4

Details

VuXML ID e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7
Discovery 2018-06-06
Entry 2018-06-08

The Mozilla Foundation reports:

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.

References

URL https://www.mozilla.org/security/advisories/mfsa2018-14/