CVE-2014-3173

2014-08-2701:55:00

CWE-119

[email protected]

web.nvd.nist.gov

webgl

google chrome

denial of service

cve-2014-3173

security vulnerability

nvd

5.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.

CPENameOperatorVersion
google:chromegoogle chromeeq37.0.2062.49
google:chromegoogle chromeeq37.0.2062.60
google:chromegoogle chromeeq37.0.2062.44
google:chromegoogle chromeeq37.0.2062.31
google:chromegoogle chromeeq37.0.2062.11
google:chromegoogle chromeeq37.0.2062.51
google:chromegoogle chromeeq37.0.2062.76
google:chromegoogle chromeeq37.0.2062.28
google:chromegoogle chromeeq37.0.2062.48
google:chromegoogle chromeeq37.0.2062.78

CPE	Name	Operator	Version
google:chrome	google chrome	eq	37.0.2062.49
google:chrome	google chrome	eq	37.0.2062.60
google:chrome	google chrome	eq	37.0.2062.44
google:chrome	google chrome	eq	37.0.2062.31
google:chrome	google chrome	eq	37.0.2062.11
google:chrome	google chrome	eq	37.0.2062.51
google:chrome	google chrome	eq	37.0.2062.76
google:chrome	google chrome	eq	37.0.2062.28
google:chrome	google chrome	eq	37.0.2062.48
google:chrome	google chrome	eq	37.0.2062.78