VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-p3pk-5m9e-a7a2

Essentials
Severities (19)
References (89)
Severity details (15)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-p3pk-5m9e-a7a2
Aliases	CVE-2019-13720
Summary	A heap use-after-free flaw in Qt WebEngine at worst might allow an attacker to execute arbitrary code.
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3.1	8.8	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html
cvssv3.1	8.8	http://packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html
ssvc	Attend	http://packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13720.json
epss	0.89586	https://api.first.org/data/v1/epss?cve=CVE-2019-13720
epss	0.89586	https://api.first.org/data/v1/epss?cve=CVE-2019-13720
epss	0.89586	https://api.first.org/data/v1/epss?cve=CVE-2019-13720
epss	0.89586	https://api.first.org/data/v1/epss?cve=CVE-2019-13720
cvssv3.1	8.8	https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
ssvc	Attend	https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
cvssv3.1	8.8	https://crbug.com/1019226
ssvc	Attend	https://crbug.com/1019226
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2019-13720
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2019-13720
archlinux	Critical	https://security.archlinux.org/AVG-1058
archlinux	Critical	https://security.archlinux.org/AVG-1061
cvssv3.1	8.8	https://security.gentoo.org/glsa/202004-04
ssvc	Attend	https://security.gentoo.org/glsa/202004-04

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html
		http://packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13720.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-13720
		https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
		https://crbug.com/1019226
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13659
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13660
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13661
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13662
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13663
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13664
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13665
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13666
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13667
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13668
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13669
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13670
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13671
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13672
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13673
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13674
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13675
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13676
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13677
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13678
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13679
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13680
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13681
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13682
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13683
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13685
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13686
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13687
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13688
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13691
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13692
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13693
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13694
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13695
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13696
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13697
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13699
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13700
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13701
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13703
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13704
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13705
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13706
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13707
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13708
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13709
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13710
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13711
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13713
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13714
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13715
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13716
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13717
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13718
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13719
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13721
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13765
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13766
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25154
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5869
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5870
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5872
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5874
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5876
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5877
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5878
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5879
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5880
		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-13720
1768586		https://bugzilla.redhat.com/show_bug.cgi?id=1768586
ASA-201911-1		https://security.archlinux.org/ASA-201911-1
ASA-201911-7		https://security.archlinux.org/ASA-201911-7
AVG-1058		https://security.archlinux.org/AVG-1058
AVG-1061		https://security.archlinux.org/AVG-1061
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
CVE-2019-13720	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50917.js
CVE-2019-13720		https://nvd.nist.gov/vuln/detail/CVE-2019-13720
GLSA-202004-04		https://security.gentoo.org/glsa/202004-04
RHSA-2019:3775		https://access.redhat.com/errata/RHSA-2019:3775

Data source	KEV
Date added	May 23, 2022
Description	Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Required action	Apply updates per vendor instructions.
Due date	June 13, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2019-13720
Ransomware campaign use	Unknown

Data source	Exploit-DB
Date added	May 11, 2022
Description	Google Chrome 78.0.3904.70 - Remote Code Execution
Ransomware campaign use	Unknown
Source publication date	May 11, 2022
Exploit type	remote
Platform	multiple
Source update date	May 11, 2022

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T16:27:44Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T16:27:44Z/ Found at http://packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13720.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T16:27:44Z/ Found at https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1019226

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T16:27:44Z/ Found at https://crbug.com/1019226

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-13720

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-13720

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202004-04

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T16:27:44Z/ Found at https://security.gentoo.org/glsa/202004-04

Exploit Prediction Scoring System (EPSS)

Percentile	0.99554
EPSS Score	0.89586
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:01:45.288593+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/202004-04	38.0.0