CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7947 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2014-7947
OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c. OpenJPEG anterior a r2944, usado en PDFium en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un documento PDF modificado, relacionado con j2k.c, jp2.c, pi.c, t1.c, t2.c, y tcd.c. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=430566 https://pdfium.googlesource.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7925 – chromium-browser: use-after-free in WebAudio
https://notcve.org/view.php?id=CVE-2014-7925
Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained. Vulnerabilidad de uso después de liberación en la implementación WebAudio en Blink, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan un hilo de renderización de audio en el cual datos AudioNode se mantienen incorrectamente. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2014-7926 – ICU: regexp engine incorrect handling of a zero length quantifier
https://notcve.org/view.php?id=CVE-2014-7926
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usado en Google Chrome anterior a la versión 40.0.2214.91, permite a los atacantes remotos generar una Denegación de Servicio (corrupción de la memoria) o posiblemente tener otros impactos no especificados por medio de vectores relacionados con un cuantificador zero-length. • http://advisories.mageia.org/MGASA-2015-0047.html http://bugs.icu-project.org/trac/ticket/11369 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/t • CWE-17: DEPRECATED: Code CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7936 – chromium-browser: use-after-free in Views
https://notcve.org/view.php?id=CVE-2014-7936
Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble. Vulnerabilidad uso después de liberación en la función ZoomBubbleView::Close en browser/ui/views/location_bar/zoom_bubble_view.cc en la implementación Views en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de un documento momificado que lanza un mantenimiento inapropiado de una burbuja ampliada. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=428561 https://codereview.chromium.org • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2014-7937 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7937
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. Múltiples errores de superación de límite (off-by-one) en libavcodec/vorbisdec.c en FFmpeg anterior a 2.4.2, utilizado en Google Chrome anterior a 40.0.2214.91, permiten a atacantes remotos causar una denegación de servicio (uso después de liberación) o posiblemente tener orto impacto no especificados a través de datos Vorbis I manipulados. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c50704ebf1777bee76772c4835d9760b3721057 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://ww • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •