Lucene search
HistoryMay 21, 2014 - 11:14 a.m.
CVE-2014-1745
cve-2014-1745
use-after-free
svg implementation
blink
google chrome
denial of service
vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.3 High
AI Score
Confidence
High
0.017 Low
EPSS
Percentile
87.7%
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.
Affected configurations
Node
googlechromeRange≤35.0.1916.113
ORgooglechromeMatch35.0.1916.0
ORgooglechromeMatch35.0.1916.1
ORgooglechromeMatch35.0.1916.2
ORgooglechromeMatch35.0.1916.3
ORgooglechromeMatch35.0.1916.4
ORgooglechromeMatch35.0.1916.5
ORgooglechromeMatch35.0.1916.6
ORgooglechromeMatch35.0.1916.7
ORgooglechromeMatch35.0.1916.8
ORgooglechromeMatch35.0.1916.9
ORgooglechromeMatch35.0.1916.10
ORgooglechromeMatch35.0.1916.11
ORgooglechromeMatch35.0.1916.13
ORgooglechromeMatch35.0.1916.14
ORgooglechromeMatch35.0.1916.15
ORgooglechromeMatch35.0.1916.17
ORgooglechromeMatch35.0.1916.18
ORgooglechromeMatch35.0.1916.19
ORgooglechromeMatch35.0.1916.20
ORgooglechromeMatch35.0.1916.21
ORgooglechromeMatch35.0.1916.22
ORgooglechromeMatch35.0.1916.23
ORgooglechromeMatch35.0.1916.27
ORgooglechromeMatch35.0.1916.31
ORgooglechromeMatch35.0.1916.32
ORgooglechromeMatch35.0.1916.33
ORgooglechromeMatch35.0.1916.34
ORgooglechromeMatch35.0.1916.35
ORgooglechromeMatch35.0.1916.36
ORgooglechromeMatch35.0.1916.37
ORgooglechromeMatch35.0.1916.38
ORgooglechromeMatch35.0.1916.39
ORgooglechromeMatch35.0.1916.40
ORgooglechromeMatch35.0.1916.41
ORgooglechromeMatch35.0.1916.42
ORgooglechromeMatch35.0.1916.43
ORgooglechromeMatch35.0.1916.44
ORgooglechromeMatch35.0.1916.45
ORgooglechromeMatch35.0.1916.46
ORgooglechromeMatch35.0.1916.47
ORgooglechromeMatch35.0.1916.48
ORgooglechromeMatch35.0.1916.49
ORgooglechromeMatch35.0.1916.51
ORgooglechromeMatch35.0.1916.52
ORgooglechromeMatch35.0.1916.54
ORgooglechromeMatch35.0.1916.56
ORgooglechromeMatch35.0.1916.57
ORgooglechromeMatch35.0.1916.59
ORgooglechromeMatch35.0.1916.61
ORgooglechromeMatch35.0.1916.68
ORgooglechromeMatch35.0.1916.69
ORgooglechromeMatch35.0.1916.71
ORgooglechromeMatch35.0.1916.72
ORgooglechromeMatch35.0.1916.74
ORgooglechromeMatch35.0.1916.77
ORgooglechromeMatch35.0.1916.80
ORgooglechromeMatch35.0.1916.82
ORgooglechromeMatch35.0.1916.84
ORgooglechromeMatch35.0.1916.85
ORgooglechromeMatch35.0.1916.86
ORgooglechromeMatch35.0.1916.88
ORgooglechromeMatch35.0.1916.90
ORgooglechromeMatch35.0.1916.92
ORgooglechromeMatch35.0.1916.93
ORgooglechromeMatch35.0.1916.95
ORgooglechromeMatch35.0.1916.96
ORgooglechromeMatch35.0.1916.98
ORgooglechromeMatch35.0.1916.99
ORgooglechromeMatch35.0.1916.101
ORgooglechromeMatch35.0.1916.103
ORgooglechromeMatch35.0.1916.104
ORgooglechromeMatch35.0.1916.105
ORgooglechromeMatch35.0.1916.106
ORgooglechromeMatch35.0.1916.107
ORgooglechromeMatch35.0.1916.108
ORgooglechromeMatch35.0.1916.109
ORgooglechromeMatch35.0.1916.110
ORgooglechromeMatch35.0.1916.111
ORgooglechromeMatch35.0.1916.112
References
googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
secunia.com/advisories/58920
secunia.com/advisories/59155
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-2939
www.openwall.com/lists/oss-security/2024/02/05/8
www.securitytracker.com/id/1030270
code.google.com/p/chromium/issues/detail?id=346192
src.chromium.org/viewvc/blink?revision=167993&view=revision
Related
cvelist
cvelist
CVE-2014-1745
2014-05-21 00:00:00
prion
prion
Design/Logic Flaw
2014-05-21 11:14:00
ubuntucve
ubuntucve
CVE-2014-1745
2014-05-21 00:00:00
debiancve
debiancve
CVE-2014-1745
2014-05-21 11:14:09
redhatcve
redhatcve
CVE-2014-1745
2024-03-18 16:22:34
nvd
nvd
CVE-2014-1745
2014-05-21 11:14:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0545-1)
2024-02-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0548-1)
2024-02-21 00:00:00
openSUSE: Security Advisory for webkit2gtk3 (SUSE-SU-2024:0548-1)
2024-03-04 00:00:00
nessus
nessus
SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2024:0519-1)
2024-02-17 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:0548-1)
2024-02-21 00:00:00
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2024:0545-1)
2024-02-21 00:00:00
threatpost
threatpost
Chrome 35 Fixes 23 Security Flaws
2014-05-20 14:11:21
apple
apple
About the security content of Safari 16.4
2023-03-27 00:00:00
About the security content of iOS 16.4 and iPadOS 16.4
2023-03-27 00:00:00
About the security content of macOS Ventura 13.3
2023-03-27 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-05-20 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-06-09 00:00:00
Google Chrome / Chromium multiple security vulnerabilities
2014-06-09 00:00:00
chrome
chrome
Stable Channel Update
2014-05-20 00:00:00
debian
debian
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-05-31 07:27:02
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-05-31 07:27:02
kaspersky
kaspersky
KLA10007 Multiple vulnerabilities in Google Chrome
2014-05-20 00:00:00
osv
osv
chromium-browser - security update
2014-05-31 00:00:00
Important: webkit2gtk3 security update
2024-06-14 13:59:30
Important: webkit2gtk3 security update
2024-04-30 00:00:00
almalinux
almalinux
Important: webkit2gtk3 security update
2024-05-22 00:00:00
Important: webkit2gtk3 security update
2024-04-30 00:00:00
oraclelinux
oraclelinux
webkit2gtk3 security update
2024-05-02 00:00:00
webkit2gtk3 security update
2024-05-23 00:00:00
redhat
redhat
(RHSA-2024:2126) Important: webkit2gtk3 security update
2024-04-30 06:14:49
(RHSA-2024:2982) Important: webkit2gtk3 security update
2024-05-22 06:35:16
rocky
rocky
webkit2gtk3 security update
2024-06-14 13:59:30
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2024-04-26 09:47:12
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.3 High
AI Score
Confidence
High
0.017 Low
EPSS
Percentile
87.7%
Related for CVE-2014-1745