UbuntuUSN-2326-1Oxide vulnerabilities
7.5 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.035 Low
EPSS
Percentile
91.4%
Releases
- Ubuntu 14.04 ESM
Packages
- oxide-qt - Web browser engine library for Qt (QML plugin)
Details
A use-after-free was discovered in the SVG implementation in Blink. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash, or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-3168)
A use-after-free was discovered in the DOM implementation in Blink. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash, or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-3169)
A use-after-free was discovered in V8. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2014-3171)
It was discovered that WebGL clear calls did not interact properly with
the state of a draw buffer. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service. (CVE-2014-3173)
A threading issue was discovered in the Web Audio API during attempts to
update biquad filter coefficients. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service. (CVE-2014-3174)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2014-3175)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | liboxideqtcore0 | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | liboxideqt-qmlplugin | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | oxideqmlscene | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | oxideqt-codecs | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | oxideqt-codecs-dbg | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | oxideqt-codecs-extra | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | oxideqt-codecs-extra-dbg | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | oxideqt-dbg | < 1.1.2-0ubuntu0.14.04.1 | UNKNOWN |
Related
7.5 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.035 Low
EPSS
Percentile
91.4%