{"api_version":"1","generated_at":"2026-05-01T13:06:23+00:00","cve":"CVE-2014-1564","urls":{"html":"https://cve.report/CVE-2014-1564","api":"https://cve.report/api/cve/CVE-2014-1564.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-1564","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-1564"},"summary":{"title":"CVE-2014-1564","description":"Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2014-09-03 10:55:00","updated_at":"2018-10-30 16:27:00"},"problem_types":["CWE-824"],"metrics":[],"references":[{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","refsource":"CONFIRM","tags":[],"title":"Oracle Solaris Bulletin - April 2016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1030794","name":"1030794","refsource":"SECTRACK","tags":[],"title":"Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2014/Sep/18","name":"20140903 Uninit memory disclosure via truncated images in Firefox","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: Uninit memory disclosure via truncated images in Firefox","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html","name":"openSUSE-SU-2014:1099","refsource":"SUSE","tags":["Third Party Advisory"],"title":"openSUSE-SU-2014:1099-1: moderate: MozillaFirefox to Firefox 32","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/201504-01","name":"GLSA-201504-01","refsource":"GENTOO","tags":[],"title":"Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html","name":"openSUSE-SU-2015:1266","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/533357/100/0/threaded","name":"20140904 Uninit memory disclosure via truncated images in Firefox","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1045977","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1045977","refsource":"CONFIRM","tags":["Issue Tracking"],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61114","name":"61114","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA61114 - Ubuntu update for thunderbird - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html","name":"openSUSE-SU-2015:0138","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html","name":"http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html","refsource":"MISC","tags":[],"title":"Mozilla Firefox Secret Leak ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html","name":"openSUSE-SU-2014:1098","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2014:1098-1: important: MozillaThunderbi","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.securitytracker.com/id/1030793","name":"1030793","refsource":"SECTRACK","tags":[],"title":"Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mozilla.org/security/announce/2014/mfsa2014-69.html","name":"http://www.mozilla.org/security/announce/2014/mfsa2014-69.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"MFSA 2014-69: Uninitialized memory use during GIF rendering","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60148","name":"60148","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA60148 - Mozilla Firefox ESR / Thunderbird Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/69525","name":"69525","refsource":"BID","tags":[],"title":"Mozilla Firefox and Thunderbird CVE-2014-1564 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-1564","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1564","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"30.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"30.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"31.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"evergreen","cpe6":"11.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"evergreen","cpe6":"11.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"12.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"12.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1564","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@mozilla.org","ID":"CVE-2014-1564","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"openSUSE-SU-2015:0138","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"},{"name":"20140904 Uninit memory disclosure via truncated images in Firefox","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/533357/100/0/threaded"},{"name":"http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html"},{"name":"20140903 Uninit memory disclosure via truncated images in Firefox","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2014/Sep/18"},{"name":"GLSA-201504-01","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201504-01"},{"name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"name":"1030794","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1030794"},{"name":"69525","refsource":"BID","url":"http://www.securityfocus.com/bid/69525"},{"name":"openSUSE-SU-2015:1266","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"},{"name":"http://www.mozilla.org/security/announce/2014/mfsa2014-69.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2014/mfsa2014-69.html"},{"name":"openSUSE-SU-2014:1098","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"},{"name":"60148","refsource":"SECUNIA","url":"http://secunia.com/advisories/60148"},{"name":"openSUSE-SU-2014:1099","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"},{"name":"61114","refsource":"SECUNIA","url":"http://secunia.com/advisories/61114"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1045977","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1045977"},{"name":"1030793","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1030793"}]}},"nvd":{"publishedDate":"2014-09-03 10:55:00","lastModifiedDate":"2018-10-30 16:27:00","problem_types":["CWE-824"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndIncluding":"31.1.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"1564","Ordinal":"68397","Title":"CVE-2014-1564","CVE":"CVE-2014-1564","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"1564","Ordinal":"1","NoteData":"Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"1564","Ordinal":"2","NoteData":"2014-09-03","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"1564","Ordinal":"3","NoteData":"2018-10-09","Type":"Other","Title":"Modified"}]}}}