CVE-2023-1222

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1222

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1222

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1222

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1222

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1222

CVE-2023-1222: Heap buffer overflow in the Web Audio API of Google Chrome/Chromium before 111.0.5563.64 allows remote exploitation via a crafted HTML page, risking heap corruption. Affected: Chromium-based browsers; root cause is a heap buffer overflow in Web Audio API handling. Remediation: upgr...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Web Audio API component when handling untrusted input. A remote attacker could exploit this vulnerability to cause hea...

SUSE CVE-2014-1565

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process...

SUSE CVE-2014-3174

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service read of...

Vulnerability Spotlight: Code execution vulnerability in Google Web Audio API

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two use-after-free vulnerabilities in Google’s Web Audio API that an adversary could exploit to execute remote code on the victim machine. Web Audio API is a high-level JavaScript...

The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality of protected information.

A vulnerability exists in the mozilla::dom::AudioEventTimeline function within the implementation of the Web Audio API in Mozilla Firefox ESR, due to the improper creation of the audio data timeline. Exploiting this vulnerability allows malicious actors, operating remotely, to access confidential...

Updated firefox packages fix security vulnerabilities

Updated nss and firefox packages fix security vulnerabilities: Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...

Updated iceape/sqlite3 packages fix security vulnerabilities

Updated iceape packages fix security issues. The sqlite3 package has been updated as well since the new iceape version requires the SQLITEENABLEDBSTATVTAB feature to be enabled in sqlite. This sqlite3 update also enables ICU support, fixing bug 16814 . Use-after-free vulnerability in the...

Mozilla Firefox Audio Processing Memory Misreference Vulnerability

Mozilla Firefox is an open source WEB browser. A memory misreference vulnerability in Mozilla Firefox MediaStream playback when processing audio via the Web Audio API allows remote attackers to construct a malicious web page and trick users into parsing it, which could crash the application or...

CVE-2015-4477

Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API...

Design/Logic Flaw

Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API...

CVE-2015-4477

CVE-2015-4477 is a use-after-free vulnerability in Firefox’s MediaStream playback, triggered by the Web Audio API during audio processing. The issue allows remote attackers to potentially execute arbitrary code and is associated with Firefox versions before 40.0. Remediation is to update to Firef...

CVE-2015-4477

Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API...

CVE-2015-4477

Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API...

Use-after-free in MediaStream playback — Mozilla

Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash...