Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.
References
Configurations
History
21 Nov 2024, 08:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | () https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b - Patch | |
References | () https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh - Exploit, Vendor Advisory |
22 Jan 2024, 19:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh - Exploit, Vendor Advisory | |
References | () https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b - Patch | |
CPE | cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
First Time |
Chromiumembedded
Chromiumembedded chromium Embedded Framework |
13 Jan 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-13 08:15
Updated : 2024-11-21 08:54
NVD link : CVE-2024-21640
Mitre link : CVE-2024-21640
CVE.ORG link : CVE-2024-21640
JSON object : View
Products Affected
chromiumembedded
- chromium_embedded_framework
CWE
CWE-125
Out-of-bounds Read