2013-04-03 13:56:21 2021-01-19 16:46:00

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Suse Linux enterprise software development kit 11 Sp2 * * (not an official CPE)
Suse Linux enterprise software development kit 10 Sp4 * * (not an official CPE)
Suse Linux enterprise server 11 Sp2 * * (not an official CPE)
Suse Linux enterprise server 11 Sp2 * * (not an official CPE)
Suse Linux enterprise server 11 Sp1 * * (not an official CPE)
Suse Linux enterprise server 11 Sp1 * * (not an official CPE)
Suse Linux enterprise server 10 Sp4 * * (not an official CPE)
Suse Linux enterprise desktop 11 Sp2 * * (not an official CPE)
Suse Linux enterprise desktop 10 Sp4 * * (not an official CPE)
Opensuse Opensuse 12.3 * * * (not an official CPE)
Opensuse Opensuse 12.2 * * * (not an official CPE)
Opensuse Opensuse 12.1 * * * (not an official CPE)
Opensuse Opensuse 11.4 * * * (not an official CPE)
Redhat Enterprise linux workstation 6.0 * * * (not an official CPE)
Redhat Enterprise linux workstation 5.0 * * * (not an official CPE)
Redhat Enterprise linux server aus 6.4 * * * (not an official CPE)
Redhat Enterprise linux server 6.0 * * * (not an official CPE)
Redhat Enterprise linux server 5.0 * * * (not an official CPE)
Redhat Enterprise linux eus 6.4 * * * (not an official CPE)
Redhat Enterprise linux eus 5.9 * * * (not an official CPE)
Redhat Enterprise linux desktop 6.0 * * * (not an official CPE)
Redhat Enterprise linux desktop 5.0 * * * (not an official CPE)
Canonical Ubuntu linux 12.10 * * * (not an official CPE)
Canonical Ubuntu linux 12.04 * * * (not an official CPE)
Canonical Ubuntu linux 11.10 * * * (not an official CPE)
Canonical Ubuntu linux 10.04 * * * (not an official CPE)
Debian Debian linux 7.0 * * * (not an official CPE)