CVSS2 | |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |

EPSS | |
---|---|
Percentile | 99.2% |

The Mozilla SVG viewer contains an integer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition.
Scalable Vector Graphics (SVG) is an XML markup language for describing and displaying animated or static vector graphics. Mozilla Firefox includes a native SVG viewer; other Mozilla projects may use the Adobe SVG viewer.
The Mozilla SVG viewer fails to properly validate size parameters supplied to a memory allocation routine, allowing an integer overflow to occur. This vulnerability could cause an undersized buffer to be allocated. When data is copied to that buffer, a heap-based buffer overflow may occur. An attacker may be able to exploit this vulnerability by convincing a user to go to a website that hosts a specially crafted SVG file.
This vulnerability occurred as a result of failing to comply with rule INT30-C of the CERT C Programming Language Secure Coding Standard.
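The following is an added example, not Mozilla's code and not part of the original note, showing the INT30-C pattern the description refers to: an allocation size computed from an untrusted count wraps and yields an undersized buffer, and a precondition test rejects the count instead. The `point_t` type, the function names and the 32-bit size width are assumptions for illustration; the note does not identify the affected routine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical element type; the note does not name the affected structure. */
typedef struct { float x, y; } point_t;            /* 8 bytes */

/* Unchecked form (INT30-C violation): the 32-bit product wraps modulo 2^32,
   so a large count produces a small byte size. */
static uint32_t unchecked_alloc_size(uint32_t count) {
    return count * (uint32_t)sizeof(point_t);
}

/* INT30-C compliant form: test the operands before multiplying.
   Returns 0 and stores the byte count, or -1 if the product would wrap. */
static int checked_alloc_size(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / (uint32_t)sizeof(point_t))
        return -1;
    *out = count * (uint32_t)sizeof(point_t);
    return 0;
}

/* Allocate `count` zeroed elements only when the size is representable. */
static point_t *alloc_points(uint32_t count) {
    uint32_t bytes;
    if (count == 0 || checked_alloc_size(count, &bytes) != 0)
        return NULL;                /* reject instead of under-allocating */
    point_t *p = malloc(bytes);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void) {
    uint32_t count = 0x20000001u;   /* constructed sample input */
    uint32_t bytes = 0;
    printf("unchecked size for %u elements: %u bytes\n",
           (unsigned)count, (unsigned)unchecked_alloc_size(count));
    printf("checked: %s\n",
           checked_alloc_size(count, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The same test applies to any size arithmetic that feeds an allocator, including additions for headers or terminators performed after the multiplication.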
A remote, unauthenticated attacker may be able to execute arbitrary code, or create a denial-of-service condition.
Upgrade
See Mozilla Foundation Security Advisory 2007-01 for information about affected clients.
Disable SVG
Until updates can be applied, disabling SVG in Mozilla Firefox may mitigate this vulnerability. See the Mozilla about:config guide for information on how to disable SVG.
551436
Updated: February 25, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.mozilla.org/security/announce/2007/mfsa2007-01.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us email (subject: VU#551436 Feedback).
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Mozilla credits Tom Ferris for reporting this vulnerability.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2007-0776 |
---|---|
Severity Metric: | 22.23 |
Date Public: | |
en.wikipedia.org/wiki/Scalable_Vector_Graphics
kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries#Miscellaneous
secunia.com/advisories/24205/
secunia.com/advisories/24238/
secunia.com/advisories/24252/
secunia.com/advisories/24287/
secunia.com/advisories/24290/
secunia.com/advisories/24293/
secunia.com/advisories/24320/
secunia.com/advisories/24327/
secunia.com/advisories/24328/
secunia.com/advisories/24333/
secunia.com/advisories/24343/
secunia.com/advisories/24352/
secunia.com/advisories/24384/
secunia.com/advisories/24389/
secunia.com/advisories/24393/
secunia.com/advisories/24406/
secunia.com/advisories/24410/
secunia.com/advisories/24437/
secunia.com/advisories/24455/
secunia.com/advisories/24456/
secunia.com/advisories/24457/
www.adobe.com/svg/
www.ciac.org/ciac/bulletins/r-164.shtml
www.mozilla.org/projects/svg/
www.mozilla.org/security/announce/2007/mfsa2007-01.html
www.securityfocus.com/bid/22694
www.w3.org/TR/SVG/painting.html#StrokeProperties