CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7904 – chromium-browser: Buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2014-7904
Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Desbordamiento de buffer en Skia, utilizado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 http://www.securityfocus.com/bid/71166 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=418161 https://exchange.xforce.ibmcloud.com/vulnerabilities/98792 https://access.redhat.com/security/cve/CVE-2014-7904 https://bugzilla.redhat.com/show_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7908 – chromium-browser: Integer overflow in media
https://notcve.org/view.php?id=CVE-2014-7908
Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. Múltiples desbordamientos de enteros en la función CheckMov ubicada en media/base/container_names.cc en Google Chorme anterior a 39.0.2171.65 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un atomo grande en (1) MPEG-4 o (2) QuickTime.mov. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 http://www.securityfocus.com/bid/71168 http://www.securitytracker.com/id/1031241 https://chromium.googlesource.com/chromium/src/+/b2006ac87cec58363090e7d5e10d5d9e3bbda9f9 https://code.google.com/p/chromium/issues/detail?id=425980 https://exchange.xforce.ibmcloud.com/vulnerabilities/98796 https://acce • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7903
https://notcve.org/view.php?id=CVE-2014-7903
Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. Desbordamiento de buffer en OpenJPEG anterior a r2911 en PDFium, usado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de una imagen JPEG manipulada. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://www.securityfocus.com/bid/71164 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=414525 https://exchange.xforce.ibmcloud.com/vulnerabilities/98791 https://pdfium.googlesource.com/pdfium/+/4dc95e74e1acc75f4eab08bc771874cd2a9c3a9b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7901
https://notcve.org/view.php?id=CVE-2014-7901
Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. Desbordamiento de enteros en la función opj_t2_read_packer en fxcodec/fx_ligopenjpeg/libopenjpeg20/t2.c en OpenJPEG en PDFium, usado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un segmento largo en una imagen JPEG. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://www.securityfocus.com/bid/71158 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=413375 https://exchange.xforce.ibmcloud.com/vulnerabilities/98789 https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7906 – chromium-browser: Use-after-free in pepper plugins
https://notcve.org/view.php?id=CVE-2014-7906
Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime. Vulnerabilidad de uso después de liberación en los plugins Pepper en Google Chrome anterior a 39.0.2171.65 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través del contenido de un Flash manipulado que provoca un intento de acceso a PepperMediaDeviceManager fuera del curso de la vida del objeto. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://www.securityfocus.com/bid/71159 http://www.securitytracker.com/id/1031241 https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31 https://code.google.com/p/chromium/issues/detail?id=423030 https://exchange.xforce.ibmcloud.com/vulnerabilities/98794 https://access.redhat.com/security/cve/CVE-2014-7 • CWE-399: Resource Management Errors CWE-416: Use After Free •