CVE-2014-1700

2014-03-1614:06:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2014-1700

use-after-free vulnerability

speechsynthesis.cpp

blink

google chrome

remote attackers

denial of service

nvd

6.9 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.4%

JSON

Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.

CPENameOperatorVersion
google:chromegoogle chromeeq33.0.1750.1
google:chromegoogle chromeeq33.0.1750.89
google:chromegoogle chromeeq33.0.1750.51
google:chromegoogle chromeeq33.0.1750.117
google:chromegoogle chromeeq33.0.1750.44
google:chromegoogle chromeeq33.0.1750.144
google:chromegoogle chromeeq33.0.1750.39
google:chromegoogle chromeeq33.0.1750.73
google:chromegoogle chromeeq33.0.1750.133
google:chromegoogle chromeeq33.0.1750.70

CPE	Name	Operator	Version
google:chrome	google chrome	eq	33.0.1750.1
google:chrome	google chrome	eq	33.0.1750.89
google:chrome	google chrome	eq	33.0.1750.51
google:chrome	google chrome	eq	33.0.1750.117
google:chrome	google chrome	eq	33.0.1750.44
google:chrome	google chrome	eq	33.0.1750.144
google:chrome	google chrome	eq	33.0.1750.39
google:chrome	google chrome	eq	33.0.1750.73
google:chrome	google chrome	eq	33.0.1750.133
google:chrome	google chrome	eq	33.0.1750.70