CVE-2014-3192Use After Free in Google Chrome

CWE-416Use After Free13 documents9 sources
Severity
7.5HIGHNVD
EPSS
1.7%
top 17.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apple Iphone OSApple ItunesApple Tvos+6 more
Timeline
PublishedOct 8
Latest updateMay 14

Description

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

NVDgoogle/chrome38.0.2125.7
NVDapple/tvos7.0.1
NVDapple/itunes12.1.3
NVDapple/iphone_os8.1.2
NVDapple/safari6.2.2, 7.1.2, 8.0.2+2

Also affects: Enterprise Linux 6.0, 6.6.z

🔴Vulnerability Details

4
GHSA
GHSA-xxfg-fm6v-83pq: Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction2022-05-14
OSV
oxide-qt vulnerabilities2014-10-14
CVEList
CVE-2014-3192: Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction2014-10-08
OSV
CVE-2014-3192: Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction2014-10-08

💥Exploits & PoCs

1
Exploit-DB
Apache - Denial of Service2011-12-09

📋Vendor Advisories

6
Ubuntu
Oxide vulnerabilities2014-10-14
Red Hat
chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.1012014-10-07
Apple
CVE-2014-3192: Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
Apple
CVE-2014-3192: iOS 8.1.3
Apple
CVE-2014-3192: iTunes 12.2

💬Community

1
Bugzilla
CVE-2014-3192 chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.1012014-10-10
CVE-2014-3192 — Use After Free in Google Chrome | cvebase