CVE-2013-6649

Exploit

EPSS 0.93%
Veröffentlicht 28.01.2014 14:30:33
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 32.0.1700.101

Google ≫ Chrome Version32.0.1700.0

Google ≫ Chrome Version32.0.1700.2

Google ≫ Chrome Version32.0.1700.3

Google ≫ Chrome Version32.0.1700.4

Google ≫ Chrome Version32.0.1700.5

Google ≫ Chrome Version32.0.1700.6

Google ≫ Chrome Version32.0.1700.7

Google ≫ Chrome Version32.0.1700.8

Google ≫ Chrome Version32.0.1700.9

Google ≫ Chrome Version32.0.1700.10

Google ≫ Chrome Version32.0.1700.11

Google ≫ Chrome Version32.0.1700.12

Google ≫ Chrome Version32.0.1700.13

Google ≫ Chrome Version32.0.1700.14

Google ≫ Chrome Version32.0.1700.15

Google ≫ Chrome Version32.0.1700.16

Google ≫ Chrome Version32.0.1700.17

Google ≫ Chrome Version32.0.1700.18

Google ≫ Chrome Version32.0.1700.19

Google ≫ Chrome Version32.0.1700.21

Google ≫ Chrome Version32.0.1700.22

Google ≫ Chrome Version32.0.1700.23

Google ≫ Chrome Version32.0.1700.24

Google ≫ Chrome Version32.0.1700.26

Google ≫ Chrome Version32.0.1700.27

Google ≫ Chrome Version32.0.1700.28

Google ≫ Chrome Version32.0.1700.29

Google ≫ Chrome Version32.0.1700.30

Google ≫ Chrome Version32.0.1700.31

Google ≫ Chrome Version32.0.1700.32

Google ≫ Chrome Version32.0.1700.33

Google ≫ Chrome Version32.0.1700.34

Google ≫ Chrome Version32.0.1700.35

Google ≫ Chrome Version32.0.1700.38

Google ≫ Chrome Version32.0.1700.39

Google ≫ Chrome Version32.0.1700.41

Google ≫ Chrome Version32.0.1700.50

Google ≫ Chrome Version32.0.1700.51

Google ≫ Chrome Version32.0.1700.52

Google ≫ Chrome Version32.0.1700.53

Google ≫ Chrome Version32.0.1700.54

Google ≫ Chrome Version32.0.1700.55

Google ≫ Chrome Version32.0.1700.56

Google ≫ Chrome Version32.0.1700.57

Google ≫ Chrome Version32.0.1700.58

Google ≫ Chrome Version32.0.1700.59

Google ≫ Chrome Version32.0.1700.62

Google ≫ Chrome Version32.0.1700.63

Google ≫ Chrome Version32.0.1700.64

Google ≫ Chrome Version32.0.1700.65

Google ≫ Chrome Version32.0.1700.66

Google ≫ Chrome Version32.0.1700.67

Google ≫ Chrome Version32.0.1700.68

Google ≫ Chrome Version32.0.1700.69

Google ≫ Chrome Version32.0.1700.70

Google ≫ Chrome Version32.0.1700.71

Google ≫ Chrome Version32.0.1700.72

Google ≫ Chrome Version32.0.1700.74

Google ≫ Chrome Version32.0.1700.75

Google ≫ Chrome Version32.0.1700.76

Google ≫ Chrome Version32.0.1700.77

Google ≫ Chrome Version32.0.1700.94

Google ≫ Chrome Version32.0.1700.95

Google ≫ Chrome Version32.0.1700.96

Google ≫ Chrome Version32.0.1700.97

Google ≫ Chrome Version32.0.1700.98

Google ≫ Chrome Version32.0.1700.99

Google ≫ Chrome Version32.0.1700.100

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Opensuse ≫ Opensuse Version12.3

Opensuse ≫ Opensuse Version13.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.93%	0.74

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html

Third Party Advisory

http://www.debian.org/security/2014/dsa-2862

Third Party Advisory

http://crbug.com/330420

Exploit

http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html

Vendor Advisory

https://src.chromium.org/viewvc/blink?revision=164536&view=revision

https://nvd.nist.gov/vuln/detail/CVE-2013-6649

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6649

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6649

EUVD