CVE-2014-1736
Google Chrome ImageData Signedness Error Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value.
Desbordamiento de enteros en api.cc en Google V8, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anteriores 34.0.1847.132 en Linux, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor de longitud grande.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of ImageData objects. In certain conditions, an attacker would be able to read and write pixel data. An attacker can leverage this vulnerability to execute code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-29 CVE Reserved
- 2014-05-06 CVE Published
- 2023-12-17 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html | X_refsource_confirm | |
| http://secunia.com/advisories/58301 | Third Party Advisory | |
| https://code.google.com/p/chromium/issues/detail?id=359802 | X_refsource_confirm | |
| https://code.google.com/p/v8/source/detail?r=20519 | X_refsource_confirm | |
| https://code.google.com/p/v8/source/detail?r=20525 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2014/dsa-2920 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 34.0.1847.131 Search vendor "Google" for product "Chrome" and version " < 34.0.1847.131" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 34.0.1847.131 Search vendor "Google" for product "Chrome" and version " < 34.0.1847.131" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 34.0.1847.132 Search vendor "Google" for product "Chrome" and version " < 34.0.1847.132" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|