Vulnerability Details : CVE-2014-3168
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.
Vulnerability category: Memory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-3168
Probability of exploitation activity in the next 30 days: 2.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3168
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2014-3168
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security
-
http://secunia.com/advisories/60424
Sign in
-
http://secunia.com/advisories/60268
Sign in
-
http://www.debian.org/security/2014/dsa-3039
Debian -- Security Information -- DSA-3039-1 chromium-browser
-
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://src.chromium.org/viewvc/blink?revision=174923&view=revision
[blink] Revision 174923Patch
-
http://secunia.com/advisories/61482
Sign in
-
https://src.chromium.org/viewvc/blink?revision=174338&view=revision
[blink] Revision 174338Patch
-
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
[security-announce] openSUSE-SU-2014:1151-1: important: chromium to 37.0
-
https://crbug.com/369860
369860 - Security: ASAN heap-use-after-free in SVGElement::propertyFromAttribute - chromium - Monorail
-
http://www.securitytracker.com/id/1030767
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information - SecurityTracker
-
http://www.securityfocus.com/bid/69398
Google Chrome CVE-2014-3168 Use After Free Remote Code Execution Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95468
Google Chrome SVG code execution CVE-2014-3168 Vulnerability Report
Products affected by CVE-2014-3168
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.91:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.78:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.9:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*