Vulnerability Details CVE-2024-21640
Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
- https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh
- https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
- https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh
Products affected by CVE-2024-21640
-
cpe:2.3:a:chromiumembedded:chromium_embedded_framework:-