CVE-2014-3174

Description

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

References

https://src.chromium.org/viewvc/blink?revision=177250&view=revision

https://exchange.xforce.ibmcloud.com/vulnerabilities/95474

https://crbug.com/389219

http://www.securitytracker.com/id/1030767

http://www.securityfocus.com/bid/69407

http://www.debian.org/security/2014/dsa-3039

http://security.gentoo.org/glsa/glsa-201408-16.xml

http://secunia.com/advisories/61482

http://secunia.com/advisories/60424

http://secunia.com/advisories/60268

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html

http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3