Mozilla Foundation Security Advisory 2018-14
Security vulnerabilities fixed in Firefox 60.0.2, ESR 60.0.2, and ESR 52.8.1
- Announced: June 6, 2018
- Impact: critical
- Products: Firefox, Firefox ESR
- Fixed in:
  - Firefox 60.0.2
  - Firefox ESR 52.8.1
  - Firefox ESR 60.0.2
CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia
- Reporter: Ivan Fratric of Google Project Zero
- Impact: high
Description
A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.