CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5197 – Integer overflow in libvpx
https://notcve.org/view.php?id=CVE-2024-5197
03 Jun 2024 — There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct... • https://g-issues.chromium.org/issues/332382766 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6349 – Heap overflow in libvpx
https://notcve.org/view.php?id=CVE-2023-6349
27 May 2024 — A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above Existe una vulnerabilidad de desbordamiento de montón en libvpx codificar un frame que tiene dimensiones mayores que el tamaño configurado originalmente con VP9 puede resultar en un desbordamiento de montón en libvpx. Recomendamos actualizar a la versión 1.13.1 o superior. A flaw wa... • https://crbug.com/webm/1642 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1531 – Debian Security Advisory 5377-1
https://notcve.org/view.php?id=CVE-2023-1531
21 Mar 2023 — Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bound... • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7000 – Apple Safari WebSQL snippet Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7000
30 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • http://www.securityfocus.com/bid/98767 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7939 – chromium-browser: same-origin-bypass in V8
https://notcve.org/view.php?id=CVE-2014-7939
22 Jan 2015 — Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. Google Chrome anterior aq 40.0.2214.91, cuando el proxy Harmony en Google V8 está habilitado, permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado con llamadas Proxy.create y conso... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0CVE-2014-7941 – chromium-browser: out-of-bounds read in UI
https://notcve.org/view.php?id=CVE-2014-7941
22 Jan 2015 — The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. La función SelectionOwner::ProcessTarget en ui/base/x/selection_owner.cc en la implementación UI en Google Chrome anterior a 40.0.2214.91 utiliza un tipo de datos incorrecto para cierto valor de longitud, lo que permi... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2014-7942 – chromium-browser: uninitialized-value in Fonts
https://notcve.org/view.php?id=CVE-2014-7942
22 Jan 2015 — The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. La implementación Fuentes en Google Chrome anterior a 40.0.2214.91 no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2014-7943 – chromium-browser: out-of-bounds read in Skia
https://notcve.org/view.php?id=CVE-2014-7943
22 Jan 2015 — Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Skia, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a d... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1346 – chromium-browser: unspecified vulnerability in Google V8
https://notcve.org/view.php?id=CVE-2015-1346
22 Jan 2015 — Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.30.33.15,usado en Google Chrome anterior a 40.0.2214.91, permite a atacantes causar una denegación de servicio o la posibilidad de tener otro impacto a través de vectores no conocidos. Several memory corruption bugs were discovered... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2015-1205 – chromium-browser: multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2015-1205
22 Jan 2015 — Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 40.0.2214.91 permite a atacantes causar una denegación de servicio o la posibilidad de tener otro impacto a través de vectores desconocidos Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attack... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html •