CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.
References
Link | Resource |
---|---|
https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b | Patch |
https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-12T21:16:06.709Z
Updated: 2024-06-04T17:38:07.364Z
Reserved: 2023-12-29T03:00:44.957Z
Link: CVE-2024-21639
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-12T22:15:45.750
Modified: 2024-01-22T19:23:11.360
Link: CVE-2024-21639
JSON object: View
Redhat Information
No data.
CWE