Search for vulnerabilities
| Vulnerability ID | VCID-xb7x-q641-mkh7 |
| Aliases |
CVE-2014-1497
|
| Summary | Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because audio is disabled, but is potentially a risk in browser or browser-like contexts. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| CWE-125 | Out-of-bounds Read |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1497.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2014-1497 | ||
| 1077016 | https://bugzilla.redhat.com/show_bug.cgi?id=1077016 | |
| CVE-2014-1497 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1497 | |
| mfsa2014-17 | https://www.mozilla.org/en-US/security/advisories/mfsa2014-17 | |
| RHSA-2014:0310 | https://access.redhat.com/errata/RHSA-2014:0310 | |
| RHSA-2014:0316 | https://access.redhat.com/errata/RHSA-2014:0316 | |
| USN-2150-1 | https://usn.ubuntu.com/2150-1/ | |
| USN-2151-1 | https://usn.ubuntu.com/2151-1/ |
| Percentile | 0.64986 |
| EPSS Score | 0.00502 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:46.650413+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-17.md | 37.0.0 |