CVE-2014-1545
Published: 11 June 2014
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
Priority
Status
Package | Release | Status |
---|---|---|
nspr
Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(4.9.5-0ubuntu0.12.04.3)
|
|
saucy |
Released
(2:4.9.5-1ubuntu1.2)
|
|
trusty |
Released
(2:4.10.2-1ubuntu1.1)
|
|
upstream |
Released
(4.10.6)
|
|
Patches:
upstream: https://hg.mozilla.org/projects/nspr/rev/74eb616c618e |
||
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu. |