CVE-2013-2904

EUVD-2013-2843
Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 29.0.1547.56
googlechrome
29.0.1547.0
googlechrome
29.0.1547.1
googlechrome
29.0.1547.2
googlechrome
29.0.1547.3
googlechrome
29.0.1547.4
googlechrome
29.0.1547.5
googlechrome
29.0.1547.7
googlechrome
29.0.1547.8
googlechrome
29.0.1547.9
googlechrome
29.0.1547.10
googlechrome
29.0.1547.11
googlechrome
29.0.1547.12
googlechrome
29.0.1547.13
googlechrome
29.0.1547.14
googlechrome
29.0.1547.15
googlechrome
29.0.1547.16
googlechrome
29.0.1547.17
googlechrome
29.0.1547.18
googlechrome
29.0.1547.19
googlechrome
29.0.1547.20
googlechrome
29.0.1547.21
googlechrome
29.0.1547.22
googlechrome
29.0.1547.23
googlechrome
29.0.1547.27
googlechrome
29.0.1547.28
googlechrome
29.0.1547.29
googlechrome
29.0.1547.30
googlechrome
29.0.1547.31
googlechrome
29.0.1547.32
googlechrome
29.0.1547.33
googlechrome
29.0.1547.34
googlechrome
29.0.1547.35
googlechrome
29.0.1547.36
googlechrome
29.0.1547.37
googlechrome
29.0.1547.38
googlechrome
29.0.1547.39
googlechrome
29.0.1547.40
googlechrome
29.0.1547.41
googlechrome
29.0.1547.42
googlechrome
29.0.1547.45
googlechrome
29.0.1547.46
googlechrome
29.0.1547.47
googlechrome
29.0.1547.48
googlechrome
29.0.1547.49
googlechrome
29.0.1547.50
googlechrome
29.0.1547.51
googlechrome
29.0.1547.52
googlechrome
29.0.1547.53
googlechrome
29.0.1547.54
googlechrome
29.0.1547.55
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 30.0.1599.114-0ubuntu0.12.04.3
released
quantal
Fixed 30.0.1599.114-0ubuntu0.12.10.2
released
raring
Fixed 30.0.1599.114-0ubuntu0.13.04.2
released
saucy
not-affected
Common Weakness Enumeration
References
http://crbug.com/260428
http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html
http://www.debian.org/security/2013/dsa-2741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18550
https://src.chromium.org/viewvc/blink?revision=154680&view=revision
http://crbug.com/260428
http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html
http://www.debian.org/security/2013/dsa-2741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18550
https://src.chromium.org/viewvc/blink?revision=154680&view=revision