CVE-2014-1746Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
5.0MEDIUMNVD
OSV7.8
EPSS
0.8%
top 25.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedMay 21
Latest updateMay 14

Description

The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome35.0.1916.113+79

🔴Vulnerability Details

3
GHSA
GHSA-589f-gfrj-qgvx: The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol2022-05-14
OSV
oxide-qt vulnerabilities2014-07-23
OSV
CVE-2014-1746: The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol2014-05-21

📋Vendor Advisories

1
Ubuntu
Oxide vulnerabilities2014-07-23