Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image.
2014-01-28T14:30:33.777
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | chrome | ≤ 32.0.1700.101 | Yes | |
| Application | chrome | 32.0.1700.0 | Yes | |
| Application | chrome | 32.0.1700.2 | Yes | |
| Application | chrome | 32.0.1700.3 | Yes | |
| Application | chrome | 32.0.1700.4 | Yes | |
| Application | chrome | 32.0.1700.5 | Yes | |
| Application | chrome | 32.0.1700.6 | Yes | |
| Application | chrome | 32.0.1700.7 | Yes | |
| Application | chrome | 32.0.1700.8 | Yes | |
| Application | chrome | 32.0.1700.9 | Yes | |
| Application | chrome | 32.0.1700.10 | Yes | |
| Application | chrome | 32.0.1700.11 | Yes | |
| Application | chrome | 32.0.1700.12 | Yes | |
| Application | chrome | 32.0.1700.13 | Yes | |
| Application | chrome | 32.0.1700.14 | Yes | |
| Application | chrome | 32.0.1700.15 | Yes | |
| Application | chrome | 32.0.1700.16 | Yes | |
| Application | chrome | 32.0.1700.17 | Yes | |
| Application | chrome | 32.0.1700.18 | Yes | |
| Application | chrome | 32.0.1700.19 | Yes | |
| Application | chrome | 32.0.1700.21 | Yes | |
| Application | chrome | 32.0.1700.22 | Yes | |
| Application | chrome | 32.0.1700.23 | Yes | |
| Application | chrome | 32.0.1700.24 | Yes | |
| Application | chrome | 32.0.1700.26 | Yes | |
| Application | chrome | 32.0.1700.27 | Yes | |
| Application | chrome | 32.0.1700.28 | Yes | |
| Application | chrome | 32.0.1700.29 | Yes | |
| Application | chrome | 32.0.1700.30 | Yes | |
| Application | chrome | 32.0.1700.31 | Yes | |
| Application | chrome | 32.0.1700.32 | Yes | |
| Application | chrome | 32.0.1700.33 | Yes | |
| Application | chrome | 32.0.1700.34 | Yes | |
| Application | chrome | 32.0.1700.35 | Yes | |
| Application | chrome | 32.0.1700.38 | Yes | |
| Application | chrome | 32.0.1700.39 | Yes | |
| Application | chrome | 32.0.1700.41 | Yes | |
| Application | chrome | 32.0.1700.50 | Yes | |
| Application | chrome | 32.0.1700.51 | Yes | |
| Application | chrome | 32.0.1700.52 | Yes | |
| Application | chrome | 32.0.1700.53 | Yes | |
| Application | chrome | 32.0.1700.54 | Yes | |
| Application | chrome | 32.0.1700.55 | Yes | |
| Application | chrome | 32.0.1700.56 | Yes | |
| Application | chrome | 32.0.1700.57 | Yes | |
| Application | chrome | 32.0.1700.58 | Yes | |
| Application | chrome | 32.0.1700.59 | Yes | |
| Application | chrome | 32.0.1700.62 | Yes | |
| Application | chrome | 32.0.1700.63 | Yes | |
| Application | chrome | 32.0.1700.64 | Yes | |
| Application | chrome | 32.0.1700.65 | Yes | |
| Application | chrome | 32.0.1700.66 | Yes | |
| Application | chrome | 32.0.1700.67 | Yes | |
| Application | chrome | 32.0.1700.68 | Yes | |
| Application | chrome | 32.0.1700.69 | Yes | |
| Application | chrome | 32.0.1700.70 | Yes | |
| Application | chrome | 32.0.1700.71 | Yes | |
| Application | chrome | 32.0.1700.72 | Yes | |
| Application | chrome | 32.0.1700.74 | Yes | |
| Application | chrome | 32.0.1700.75 | Yes | |
| Application | chrome | 32.0.1700.76 | Yes | |
| Application | chrome | 32.0.1700.77 | Yes | |
| Application | chrome | 32.0.1700.94 | Yes | |
| Application | chrome | 32.0.1700.95 | Yes | |
| Application | chrome | 32.0.1700.96 | Yes | |
| Application | chrome | 32.0.1700.97 | Yes | |
| Application | chrome | 32.0.1700.98 | Yes | |
| Application | chrome | 32.0.1700.99 | Yes | |
| Application | chrome | 32.0.1700.100 | Yes | |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | opensuse | opensuse | 12.3 | Yes |
| Operating System | opensuse | opensuse | 13.1 | Yes |