Mozilla Foundation Security Advisory 2013-22

Out-of-bounds read in image rendering

Announced
February 19, 2013
Reporter
Atte Kettunen
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 19
  • SeaMonkey 2.16

Description

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccesible data as part of the image.

References