CVE-2024-21640
Published Jan 13, 2024
Last updated 10 months ago
Overview
- Description
- Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.6
- Impact score
- 5.8
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
- Severity
- CRITICAL
Weaknesses
- security-advisories@github.com
- CWE-125
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chromiumembedded:chromium_embedded_framework:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DDE5170-AEB5-4EB6-B436-9634C0190E6A",
"versionEndExcluding": "2024-01-05"
}
],
"operator": "OR"
}
]
}
]