CVE-2014-3174Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
5.0MEDIUMNVD
OSV7.5
EPSS
2.2%
top 15.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedAug 27
Latest updateMay 17

Description

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome37.0.2062.93+81

🔴Vulnerability Details

3
GHSA
GHSA-7292-q6p2-wf79: modules/webaudio/BiquadDSPKernel2022-05-17
OSV
oxide-qt vulnerabilities2014-09-02
OSV
CVE-2014-3174: modules/webaudio/BiquadDSPKernel2014-08-26

📋Vendor Advisories

1
Ubuntu
Oxide vulnerabilities2014-09-02