CVE-2017-5465

Published: 20 April 2017

An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (53.0)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (53.0+build6-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [53.0+build6-0ubuntu0.14.04.1])
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (52.1.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:52.1.1+build1-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:52.1.1+build1-0ubuntu0.14.04.1])