Search for vulnerabilities
Vulnerability details: VCID-7nea-8rgc-aaap
Vulnerability ID VCID-7nea-8rgc-aaap
Aliases CVE-2014-7940
Summary The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
generic_textual Medium http://googlechromereleases.blogspot.com/2015/01/stable-update.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7940.html
rhas Important https://access.redhat.com/errata/RHSA-2015:0093
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.02727 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.04262 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
epss 0.06639 https://api.first.org/data/v1/epss?cve=CVE-2014-7940
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1185220
generic_textual Medium https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075
generic_textual Medium https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2014-7940
generic_textual Medium https://ubuntu.com/security/notices/USN-2476-1
generic_textual Medium https://ubuntu.com/security/notices/USN-2522-1
cvssv3.1 9.8 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
generic_textual LOW https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
cvssv3.1 6.1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2015-0047.html
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7940.html
http://rhn.redhat.com/errata/RHSA-2015-0093.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7940.json
https://api.first.org/data/v1/epss?cve=CVE-2014-7940
https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075
https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8
https://code.google.com/p/chromium/issues/detail?id=433866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654
http://secunia.com/advisories/62383
http://secunia.com/advisories/62575
http://secunia.com/advisories/62665
http://security.gentoo.org/glsa/glsa-201502-13.xml
https://security.gentoo.org/glsa/201503-06
https://ubuntu.com/security/notices/USN-2476-1
https://ubuntu.com/security/notices/USN-2522-1
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/72288
http://www.securitytracker.com/id/1031623
http://www.ubuntu.com/usn/USN-2476-1
1185220 https://bugzilla.redhat.com/show_bug.cgi?id=1185220
776265 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:*
CVE-2014-7940 https://nvd.nist.gov/vuln/detail/CVE-2014-7940
GLSA-201502-13 https://security.gentoo.org/glsa/201502-13
RHSA-2015:0093 https://access.redhat.com/errata/RHSA-2015:0093
USN-2476-1 https://usn.ubuntu.com/2476-1/
USN-2522-1 https://usn.ubuntu.com/2522-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-7940
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.84665
EPSS Score 0.02727
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.