VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-7szj-rrup-qfgb

Essentials
Severities (39)
References (34)
Severity details (22)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-7szj-rrup-qfgb
Aliases	CVE-2014-1745
Summary	Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.
Status	Published
Exploitability	0.5
Weighted Severity	6.4
Risk	3.2
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-400

Uncontrolled Resource Consumption

System	Score	Found at
cvssv3.1	7.1	http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
ssvc	Track	http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
cvssv3.1	7.1	http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
ssvc	Track	http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
cvssv3	7.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1745.json
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.00937	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.01231	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.01436	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.01436	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.01436	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
epss	0.01436	https://api.first.org/data/v1/epss?cve=CVE-2014-1745
cvssv3.1	7.1	https://code.google.com/p/chromium/issues/detail?id=346192
ssvc	Track	https://code.google.com/p/chromium/issues/detail?id=346192
cvssv3.1	7.1	http://secunia.com/advisories/58920
ssvc	Track	http://secunia.com/advisories/58920
cvssv3.1	7.1	http://secunia.com/advisories/59155
ssvc	Track	http://secunia.com/advisories/59155
cvssv3.1	7.1	http://security.gentoo.org/glsa/glsa-201408-16.xml
ssvc	Track	http://security.gentoo.org/glsa/glsa-201408-16.xml
cvssv3.1	6.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.1	https://src.chromium.org/viewvc/blink?revision=167993&view=revision
ssvc	Track	https://src.chromium.org/viewvc/blink?revision=167993&view=revision
cvssv3.1	7.1	http://www.debian.org/security/2014/dsa-2939
ssvc	Track	http://www.debian.org/security/2014/dsa-2939
cvssv3.1	7.1	http://www.openwall.com/lists/oss-security/2024/02/05/8
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/02/05/8
cvssv3.1	7.1	http://www.securitytracker.com/id/1030270
ssvc	Track	http://www.securitytracker.com/id/1030270

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1745.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-1745
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1743
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1746
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1747
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1749
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3152
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3803
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1030270		http://www.securitytracker.com/id/1030270
2270151		https://bugzilla.redhat.com/show_bug.cgi?id=2270151
58920		http://secunia.com/advisories/58920
59155		http://secunia.com/advisories/59155
8		http://www.openwall.com/lists/oss-security/2024/02/05/8
blink?revision=167993&view=revision		https://src.chromium.org/viewvc/blink?revision=167993&view=revision
detail?id=346192		https://code.google.com/p/chromium/issues/detail?id=346192
dsa-2939		http://www.debian.org/security/2014/dsa-2939
glsa-201408-16.xml		http://security.gentoo.org/glsa/glsa-201408-16.xml
msg00023.html		http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
RHSA-2024:2126		https://access.redhat.com/errata/RHSA-2024:2126
RHSA-2024:2982		https://access.redhat.com/errata/RHSA-2024:2982
RHSA-2025:10364		https://access.redhat.com/errata/RHSA-2025:10364
stable-channel-update_20.html		http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1745.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at https://code.google.com/p/chromium/issues/detail?id=346192

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at https://code.google.com/p/chromium/issues/detail?id=346192

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://secunia.com/advisories/58920

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://secunia.com/advisories/58920

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://secunia.com/advisories/59155

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://secunia.com/advisories/59155

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://security.gentoo.org/glsa/glsa-201408-16.xml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://security.gentoo.org/glsa/glsa-201408-16.xml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at https://src.chromium.org/viewvc/blink?revision=167993&view=revision

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at https://src.chromium.org/viewvc/blink?revision=167993&view=revision

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://www.debian.org/security/2014/dsa-2939

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://www.debian.org/security/2014/dsa-2939

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://www.openwall.com/lists/oss-security/2024/02/05/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://www.openwall.com/lists/oss-security/2024/02/05/8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L Found at http://www.securitytracker.com/id/1030270

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:40:21Z/ Found at http://www.securitytracker.com/id/1030270

Exploit Prediction Scoring System (EPSS)

Percentile	0.75241
EPSS Score	0.00937
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:31:31.146713+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2014/1xxx/CVE-2014-1745.json	37.0.0