CVE

Id
66596  
CVE No.
CVE-2013-6649  
Status
Candidate  
Description
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.  
Phase
Assigned (20131105)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
646154 66596 CVE-2013-6649 CONFIRM:http://crbug.com/330420  View
646155 66596 CVE-2013-6649 CONFIRM:http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html  View
646156 66596 CVE-2013-6649 CONFIRM:https://src.chromium.org/viewvc/blink?revision=164536&view=revision  View
646157 66596 CVE-2013-6649 DEBIAN:DSA-2862  View
646158 66596 CVE-2013-6649 URL:http://www.debian.org/security/2014/dsa-2862  View
646159 66596 CVE-2013-6649 SUSE:openSUSE-SU-2014:0243  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
24500 JVNDB-2013-006075 Google Chrome で使用される Blink の core/svg/SVGAnimateElement.cpp におけるサービス運用妨害 (DoS) の脆弱性 Google Chrome で使用される Blink の core/svg/SVGAnimateElement.cpp の SVGAnimateElement::calculateAnimatedValue 関数は、想定外のデータ型を適切に処理しないため、サービス運用妨害 (不正なキャスト) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。 CVE-2013-6654 66596 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-006075.html  View