CVE-2014-7942

Current Description

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Basic Data

PublishedJanuary 22, 2015
Last ModifiedOctober 30, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-399
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationChromiumChromium40.0.2214.110*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatEnterprise Linux Desktop Supplementary6.0*******
    2.3OSRedhatEnterprise Linux Server Supplementary6.0*******
    2.3OSRedhatEnterprise Linux Server Supplementary Eus6.6.z*******
    2.3OSRedhatEnterprise Linux Workstation Supplementary6.0*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationGoogleChrome********40.0.2214.85
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSOpensuseOpensuse13.1*******
    2.3OSOpensuseOpensuse13.2*******
  • OR - Configuration 5
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux14.04***lts***
    2.3OSCanonicalUbuntu Linux14.10*******

Vulnerable Software List

VendorProductVersions
Chromium Chromium 40.0.2214.110
Redhat Enterprise Linux Desktop Supplementary 6.0
Redhat Enterprise Linux Server Supplementary 6.0
Redhat Enterprise Linux Workstation Supplementary 6.0
Redhat Enterprise Linux Server Supplementary Eus 6.6.z
Canonical Ubuntu Linux 14.04, 14.10
Opensuse Opensuse 13.1, 13.2
Google Chrome *

References

NameSourceURLTags
http://googlechromereleases.blogspot.com/2015/01/stable-update.htmlhttp://googlechromereleases.blogspot.com/2015/01/stable-update.htmlCONFIRMVendor Advisory
openSUSE-SU-2015:0441http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.htmlSUSE
RHSA-2015:0093http://rhn.redhat.com/errata/RHSA-2015-0093.htmlREDHAT
62383http://secunia.com/advisories/62383SECUNIA
62575http://secunia.com/advisories/62575SECUNIA
62665http://secunia.com/advisories/62665SECUNIA
GLSA-201502-13http://security.gentoo.org/glsa/glsa-201502-13.xmlGENTOO
72288http://www.securityfocus.com/bid/72288BID
1031623http://www.securitytracker.com/id/1031623SECTRACK
USN-2476-1http://www.ubuntu.com/usn/USN-2476-1UBUNTU
https://code.google.com/p/chromium/issues/detail?id=426762https://code.google.com/p/chromium/issues/detail?id=426762CONFIRMVendor Advisory