CVE-2014-7937 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7937
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. Múltiples errores de superación de límite (off-by-one) en libavcodec/vorbisdec.c en FFmpeg anterior a 2.4.2, utilizado en Google Chrome anterior a 40.0.2214.91, permiten a atacantes remotos causar una denegación de servicio (uso después de liberación) o posiblemente tener orto impacto no especificados a través de datos Vorbis I manipulados. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c50704ebf1777bee76772c4835d9760b3721057 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://ww • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2014-7942 – chromium-browser: uninitialized-value in Fonts
https://notcve.org/view.php?id=CVE-2014-7942
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. La implementación Fuentes en Google Chrome anterior a 40.0.2214.91 no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVE-2015-1346 – chromium-browser: unspecified vulnerability in Google V8
https://notcve.org/view.php?id=CVE-2015-1346
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.30.33.15,usado en Google Chrome anterior a 40.0.2214.91, permite a atacantes causar una denegación de servicio o la posibilidad de tener otro impacto a través de vectores no conocidos. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/100361 https://access.redhat.com/security/cve/CVE-2015-1346 https://bugzilla.redhat.com/show_bug.cgi?id=118 •
CVE-2014-7933 – chromium-browser: use-after-free in FFmpeg
https://notcve.org/view.php?id=CVE-2014-7933
Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. Vulnerabilidad de uso después de liberación en la función matroska_read_seek en libavformat/matroskadec.c en FFmpeg anterior a 2.5.1, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un fichero Matroska manipulado que provoca un mantenimiento incorrecto de los datos de pistas. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=490a3ebf36821b81f73e34ad3f554cb523dd2682 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://ww • CWE-416: Use After Free •
CVE-2014-7932 – chromium-browser: use-after-free in DOM
https://notcve.org/view.php?id=CVE-2014-7932
Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements. Vulnerabilidad de uso después de liberación en la función Element::detach en core/dom/Element.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que involucran actualizaciones pendientes de elementos separados. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-416: Use After Free •