firefox-esr: Heap buffer overflow rasterizing paths in SVG with Skia (CVE-2018-6126)
A heap buffer overflow can occur in the Skia library when rasterizing
paths using a maliciously crafted SVG file with anti-aliasing turned
off. This results in a potentially exploitable crash.
Fixed in:
Firefox ESR 52.8.1
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
(from redmine: issue id 9034, created on 2018-06-26, closed on 2018-07-16)
- Relations:
- copied_to #9035 (closed)
- copied_to #9036 (closed)
- child #9035 (closed)
- child #9036 (closed)