CVE-2024-21640

Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.
Configurations

Configuration 1 (hide)

cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.6
v2 : unknown
v3 : 5.4
References () https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b - Patch () https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b - Patch
References () https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh - Exploit, Vendor Advisory () https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh - Exploit, Vendor Advisory

22 Jan 2024, 19:20

Type Values Removed Values Added
References () https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh - () https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh - Exploit, Vendor Advisory
References () https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b - () https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b - Patch
CPE cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.6
First Time Chromiumembedded
Chromiumembedded chromium Embedded Framework

13 Jan 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-13 08:15

Updated : 2024-11-21 08:54


NVD link : CVE-2024-21640

Mitre link : CVE-2024-21640

CVE.ORG link : CVE-2024-21640


JSON object : View

Products Affected

chromiumembedded

  • chromium_embedded_framework
CWE
CWE-125

Out-of-bounds Read