Vulnerability Details CVE-2024-21639
CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.8%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
- https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg
- https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
- https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg
Products affected by CVE-2024-21639
-
cpe:2.3:a:chromiumembedded:chromium_embedded_framework:-