CVE-2014-1718 : Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content

Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.

Published 2014-04-09 10:57:16

Updated 2025-04-12 10:46:41

Source Chrome

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2014-1718

Google » Chrome
Versions up to, including, (<=) 34.0.1847.115
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-1718

EPSS FAQ

1.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1718

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-1718

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1718

http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html

Chrome Releases: Stable Channel Update

CVEs referencing this url
https://code.google.com/p/chromium/issues/detail?id=348332

348332 - Security: Integer overflow allocating shared memory in SoftwareFrameManager::SwapToNewFrame() - chromium - Monorail
http://security.gentoo.org/glsa/glsa-201408-16.xml

Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html

openSUSE-SU-2014:0601-1: moderate: update for chromium

CVEs referencing this url
https://src.chromium.org/viewvc/chrome?revision=258418&view=revision

[chrome] Revision 258418
https://src.chromium.org/viewvc/chrome?revision=257417&view=revision

[chrome] Revision 257417
https://src.chromium.org/viewvc/chrome?revision=260969&view=revision

[chrome] Revision 260969
https://src.chromium.org/viewvc/chrome?revision=261817&view=revision

[chrome] Revision 261817
http://www.debian.org/security/2014/dsa-2905

Debian -- Security Information -- DSA-2905-1 chromium-browser

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-1718

Products affected by CVE-2014-1718

Exploit prediction scoring system (EPSS) score for CVE-2014-1718

CVSS scores for CVE-2014-1718

CWE ids for CVE-2014-1718

References for CVE-2014-1718