CVE-2014-7940 – ICU: uninitialized value use in the collation component
https://notcve.org/view.php?id=CVE-2014-7940
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. La implementación collator en i18n/ucol.cpp en International Components for Unicode (ICU) 52 hasta la revisión SVN 293126, utilizada en Google Chrome anterior a 40.0.2214.91, no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una secuencia de caracteres manipulada. • http://advisories.mageia.org/MGASA-2015-0047.html http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www& • CWE-399: Resource Management Errors •
CVE-2014-7941 – chromium-browser: out-of-bounds read in UI
https://notcve.org/view.php?id=CVE-2014-7941
The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. La función SelectionOwner::ProcessTarget en ui/base/x/selection_owner.cc en la implementación UI en Google Chrome anterior a 40.0.2214.91 utiliza un tipo de datos incorrecto para cierto valor de longitud, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de datos X11 manipulados. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=428557 https://codereview.chromium.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2014-7942 – chromium-browser: uninitialized-value in Fonts
https://notcve.org/view.php?id=CVE-2014-7942
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. La implementación Fuentes en Google Chrome anterior a 40.0.2214.91 no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVE-2014-7943 – chromium-browser: out-of-bounds read in Skia
https://notcve.org/view.php?id=CVE-2014-7943
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Skia, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2014-7944 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2014-7944
The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. La función sycc422_to_rgb en fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, utilizado en Google Chrome anterior a 40.0.2214.91, no maneja correctamente los valores impares de la anchura de imágenes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un documento PDF manipulado. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=418881 https://pdfium.googlesource.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •