CVE-2014-1745

EUVD-2014-1819
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
CISA-ADPADP
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 35.0.1916.113
googlechrome
35.0.1916.0
googlechrome
35.0.1916.1
googlechrome
35.0.1916.2
googlechrome
35.0.1916.3
googlechrome
35.0.1916.4
googlechrome
35.0.1916.5
googlechrome
35.0.1916.6
googlechrome
35.0.1916.7
googlechrome
35.0.1916.8
googlechrome
35.0.1916.9
googlechrome
35.0.1916.10
googlechrome
35.0.1916.11
googlechrome
35.0.1916.13
googlechrome
35.0.1916.14
googlechrome
35.0.1916.15
googlechrome
35.0.1916.17
googlechrome
35.0.1916.18
googlechrome
35.0.1916.19
googlechrome
35.0.1916.20
googlechrome
35.0.1916.21
googlechrome
35.0.1916.22
googlechrome
35.0.1916.23
googlechrome
35.0.1916.27
googlechrome
35.0.1916.31
googlechrome
35.0.1916.32
googlechrome
35.0.1916.33
googlechrome
35.0.1916.34
googlechrome
35.0.1916.35
googlechrome
35.0.1916.36
googlechrome
35.0.1916.37
googlechrome
35.0.1916.38
googlechrome
35.0.1916.39
googlechrome
35.0.1916.40
googlechrome
35.0.1916.41
googlechrome
35.0.1916.42
googlechrome
35.0.1916.43
googlechrome
35.0.1916.44
googlechrome
35.0.1916.45
googlechrome
35.0.1916.46
googlechrome
35.0.1916.47
googlechrome
35.0.1916.48
googlechrome
35.0.1916.49
googlechrome
35.0.1916.51
googlechrome
35.0.1916.52
googlechrome
35.0.1916.54
googlechrome
35.0.1916.56
googlechrome
35.0.1916.57
googlechrome
35.0.1916.59
googlechrome
35.0.1916.61
googlechrome
35.0.1916.68
googlechrome
35.0.1916.69
googlechrome
35.0.1916.71
googlechrome
35.0.1916.72
googlechrome
35.0.1916.74
googlechrome
35.0.1916.77
googlechrome
35.0.1916.80
googlechrome
35.0.1916.82
googlechrome
35.0.1916.84
googlechrome
35.0.1916.85
googlechrome
35.0.1916.86
googlechrome
35.0.1916.88
googlechrome
35.0.1916.90
googlechrome
35.0.1916.92
googlechrome
35.0.1916.93
googlechrome
35.0.1916.95
googlechrome
35.0.1916.96
googlechrome
35.0.1916.98
googlechrome
35.0.1916.99
googlechrome
35.0.1916.101
googlechrome
35.0.1916.103
googlechrome
35.0.1916.104
googlechrome
35.0.1916.105
googlechrome
35.0.1916.106
googlechrome
35.0.1916.107
googlechrome
35.0.1916.108
googlechrome
35.0.1916.109
googlechrome
35.0.1916.110
googlechrome
35.0.1916.111
googlechrome
35.0.1916.112
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
webkit2gtk
bookworm
2.44.2-1~deb12u1
ignored
bookworm (security)
2.46.0-2~deb12u1
fixed
bullseye
2.44.2-1~deb11u1
ignored
bullseye (security)
2.44.3-1~deb11u1
fixed
sid
2.46.3-1
fixed
trixie
2.46.2-1
fixed
wpewebkit
bookworm
ignored
bullseye
ignored
bullseye (security)
vulnerable
sid
2.46.3-1
fixed
trixie
2.46.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 36.0.1985.125-0ubuntu1.12.04.0~pkg897
released
saucy
ignored
trusty
Fixed 36.0.1985.125-0ubuntu1.14.04.0~pkg1029
released
oxide-qt
lucid
dne
precise
dne
saucy
dne
trusty
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
http://secunia.com/advisories/58920
http://secunia.com/advisories/59155
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2939
http://www.openwall.com/lists/oss-security/2024/02/05/8
http://www.securitytracker.com/id/1030270
https://code.google.com/p/chromium/issues/detail?id=346192
https://src.chromium.org/viewvc/blink?revision=167993&view=revision
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
http://secunia.com/advisories/58920
http://secunia.com/advisories/59155
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2939
http://www.openwall.com/lists/oss-security/2024/02/05/8
http://www.securitytracker.com/id/1030270
https://code.google.com/p/chromium/issues/detail?id=346192
https://src.chromium.org/viewvc/blink?revision=167993&view=revision