CVE-2014-3174 Information
Description
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink as used in Google Chrome before 37.0.2062.94 does not properly consider concurrent threads during attempts to update biquad filter coefficients which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.
Reference
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69407 http://www.securitytracker.com/id/1030767 https://crbug.com/389219 https://exchange.xforce.ibmcloud.com/vulnerabilities/95474 https://src.chromium.org/viewvc/blink?revision=177250&view=revision
Share on: