Vulnerability Details : CVE-2013-6663
Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the resizing of a view.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2013-6663
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.113:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.112:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.104:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.93:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.83:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.115:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.107:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.106:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.109:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.108:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.79:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.111:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.110:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.92:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.91:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.125:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.126:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.135:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.136:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.116:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.117:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.124:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.132:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:33.0.1750.133:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6663
2.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6663
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-6663
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6663
-
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
-
http://secunia.com/advisories/61318
Sign in
-
http://support.apple.com/kb/HT6441
About the security content of iOS 8 - Apple Support
-
https://code.google.com/p/chromium/issues/detail?id=344492
344492 - Heap-use-after-free in WebCore::SVGImage::setContainerSize - chromium - Monorail
-
http://www.securityfocus.com/bid/65930
Google Chrome Prior to 33.0.1750.146 Multiple Security Vulnerabilities
-
https://support.apple.com/kb/HT6537
About the security content of iTunes 12.0.1 - Apple Support
-
http://secunia.com/advisories/61306
Sign in
-
http://support.apple.com/kb/HT6440
About the security content of Safari 6.2 and SafariĀ 7.1 - Apple Support
-
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
-
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://www.debian.org/security/2014/dsa-2883
Debian -- Security Information -- DSA-2883-1 chromium-browser
-
http://support.apple.com/kb/HT6442
About the security content of Apple TV 7 - Apple Support
-
https://src.chromium.org/viewvc/blink?revision=168152&view=revision
[blink] Revision 168152
Jump to