CVE-2013-2912
published 2013-10-02CVE-2013-2912: Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API…
PriorityP270high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.45%
70.1th percentile
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.
Affected
59 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | <= 30.0.1599.65 | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hpc6-f88x-mcvx: Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router
ghsa_unreviewed·2022-05-17
CVE-2013-2912 [HIGH] GHSA-hpc6-f88x-mcvx: Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.
VulnCheck
Google Chrome Pepper Plug-in API (PPAPI) PepperInProcessRouter::SendToHost Vulnerability
vulncheck·2013·CVSS 7.5
CVE-2013-2912 [HIGH] Google Chrome Pepper Plug-in API (PPAPI) PepperInProcessRouter::SendToHost Vulnerability
Google Chrome Pepper Plug-in API (PPAPI) PepperInProcessRouter::SendToHost Vulnerability
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.
Affected: Google Chrome
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-landscape-report-2h-2023.pdf
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0462 OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760)
bugzilla·2014-06-09·CVSS 5.0
CVE-2014-0462 [MEDIUM] CVE-2014-0462 OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760)
CVE-2014-0462 OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760)
The CVE id CVE-2014-0462 was assigned to the following issue:
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.
References:
http://www.debian.org/security/2014/dsa-2912
http://www.ubuntu.com/usn/USN-2191-1
http://secunia.com/advisories/58415
Discussion:
This CVE id was assigned incorrectly as a duplicate of libjpeg CVE-2013-6629 (see bug 1031734) for a bundled copy of the libjpeg code used in the OpenJDK sources. Incorrect assignment of the id was identified before the new releases were announced, so the id did not appear in those announcements. The id was b
Bugzilla
CVE-2014-2405 OpenJDK: libpng unhandled zero-length PLTE chunk or NULL palette (AWT, 8031352)
bugzilla·2014-06-09·CVSS 6.5
CVE-2014-2405 [MEDIUM] CVE-2014-2405 OpenJDK: libpng unhandled zero-length PLTE chunk or NULL palette (AWT, 8031352)
CVE-2014-2405 OpenJDK: libpng unhandled zero-length PLTE chunk or NULL palette (AWT, 8031352)
The CVE id CVE-2014-2405 was assigned to the following issue:
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.
References:
http://www.debian.org/security/2014/dsa-2912
http://www.ubuntu.com/usn/USN-2191-1
http://secunia.com/advisories/58415
Discussion:
This CVE id was assigned incorrectly as a duplicate of libpng CVE-2013-6954 (see bug 1045561) for a bundled copy of the ligpng code used in the OpenJDK sources. Incorrect assignment of the id was identified before the new releases were announced, so the id did not appear in those announcements. The id was
http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00042.htmlhttp://www.debian.org/security/2013/dsa-2785https://code.google.com/p/chromium/issues/detail?id=276368https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962https://src.chromium.org/viewvc/chrome?revision=222614&view=revisionhttp://googlechromereleases.blogspot.com/2013/10/stable-channel-update.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00042.htmlhttp://www.debian.org/security/2013/dsa-2785https://code.google.com/p/chromium/issues/detail?id=276368https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962https://src.chromium.org/viewvc/chrome?revision=222614&view=revision
2013-10-02
Published
Exploited in the wild