Vulnerability Details : CVE-2014-3173
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-3173
Probability of exploitation activity in the next 30 days: 2.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3173
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-3173
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3173
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security
-
http://secunia.com/advisories/60424
Sign in
-
http://secunia.com/advisories/60268
Sign in
-
http://www.debian.org/security/2014/dsa-3039
Debian -- Security Information -- DSA-3039-1 chromium-browser
-
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://src.chromium.org/viewvc/chrome?revision=275338&view=revision
[chrome] Revision 275338Patch
-
http://secunia.com/advisories/61482
Sign in
-
http://www.securityfocus.com/bid/69403
Google Chrome CVE-2014-3173 Information Disclosure Vulnerability
-
https://crbug.com/376951
376951 - Security: webgl draw buffers extension can expose unitialized video memory to webpage - chromium - Monorail
-
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
[security-announce] openSUSE-SU-2014:1151-1: important: chromium to 37.0
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95473
Google Chrome WebGL information disclosure CVE-2014-3173 Vulnerability Report
-
http://www.securitytracker.com/id/1030767
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information - SecurityTracker
Products affected by CVE-2014-3173
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.91:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.78:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:37.0.2062.9:*:*:*:*:*:*:*