CVE-2014-3168

2014-08-2701:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-3168

use-after-free

svg

blink

google chrome

denial of service

remote attackers

caching

animation

6.9 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

CPENameOperatorVersion
google:chromegoogle chromeeq37.0.2062.49
google:chromegoogle chromeeq37.0.2062.60
google:chromegoogle chromeeq37.0.2062.44
google:chromegoogle chromeeq37.0.2062.31
google:chromegoogle chromeeq37.0.2062.11
google:chromegoogle chromeeq37.0.2062.51
google:chromegoogle chromeeq37.0.2062.76
google:chromegoogle chromeeq37.0.2062.28
google:chromegoogle chromeeq37.0.2062.48
google:chromegoogle chromeeq37.0.2062.78

CPE	Name	Operator	Version
google:chrome	google chrome	eq	37.0.2062.49
google:chrome	google chrome	eq	37.0.2062.60
google:chrome	google chrome	eq	37.0.2062.44
google:chrome	google chrome	eq	37.0.2062.31
google:chrome	google chrome	eq	37.0.2062.11
google:chrome	google chrome	eq	37.0.2062.51
google:chrome	google chrome	eq	37.0.2062.76
google:chrome	google chrome	eq	37.0.2062.28
google:chrome	google chrome	eq	37.0.2062.48
google:chrome	google chrome	eq	37.0.2062.78