CVE-2014-3173
Published: 26 August 2014
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(37.0.2062.94-0ubuntu0.12.04.1~pkg909)
|
|
trusty |
Released
(37.0.2062.94-0ubuntu0.14.04.1~pkg1042)
|
|
upstream |
Released
(37.0.2062.94)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Released
(1.1.2-0ubuntu0.14.04.1)
|
|
upstream |
Needs triage
|