{"id":"USN-2345-1","summary":"oxide-qt vulnerabilities","details":"Multiple use-after-free issues were discovered in Blink. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer crash,\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3178, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-3179,\nCVE-2014-3200)\n\nIt was discovered that Chromium did not properly handle the interaction of\nIPC and V8. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to execute arbitrary\ncode with the privileges of the user invoking the program. (CVE-2014-3188)\n\nA use-after-free was discovered in the web workers implementation in\nChromium. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2014-3194)\n\nIt was discovered that V8 did not correctly handle JavaScript heap\nallocations in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nsteal sensitive information. (CVE-2014-3195)\n\nIt was discovered that Blink did not properly provide substitute data for\npages blocked by the XSS auditor. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nsteal sensitive information. 
(CVE-2014-3197)\n\nIt was discovered that the wrap function for Event's in the V8 bindings\nin Blink produced an erroneous result in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service by stopping a worker\nprocess that was handling an Event object. (CVE-2014-3199)\n\nMultiple security issues were discovered in V8. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to read uninitialized memory, cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2014-7967)\n","modified":"2026-02-10T04:40:50Z","published":"2014-10-14T15:18:38Z","related":["UBUNTU-CVE-2014-3178","UBUNTU-CVE-2014-3179","UBUNTU-CVE-2014-3188","UBUNTU-CVE-2014-3190","UBUNTU-CVE-2014-3191","UBUNTU-CVE-2014-3192","UBUNTU-CVE-2014-3194","UBUNTU-CVE-2014-3195","UBUNTU-CVE-2014-3197","UBUNTU-CVE-2014-3199","UBUNTU-CVE-2014-3200","UBUNTU-CVE-2014-7967"],"upstream":["CVE-2014-3178","CVE-2014-3179","CVE-2014-3188","CVE-2014-3190","CVE-2014-3191","CVE-2014-3192","CVE-2014-3194","CVE-2014-3195","CVE-2014-3197","CVE-2014-3199","CVE-2014-3200","CVE-2014-7967","UBUNTU-CVE-2014-3178","UBUNTU-CVE-2014-3179","UBUNTU-CVE-2014-3188","UBUNTU-CVE-2014-3190","UBUNTU-CVE-2014-3191","UBUNTU-CVE-2014-3192","UBUNTU-CVE-2014-3194","UBUNTU-CVE-2014-3195","UBUNTU-CVE-2014-3197","UBUNTU-CVE-2014-3199","UBUNTU-CVE-2014-3200","UBUNTU-CVE-2014-7967"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2345-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3178"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3179"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3188"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3190"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3191"},{"type":"REPORT","url
":"https://ubuntu.com/security/CVE-2014-3192"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3194"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3195"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3197"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3199"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3200"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7967"}],"affected":[{"package":{"name":"oxide-qt","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/oxide-qt@1.2.5-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.5-0ubuntu0.14.04.1"}]}],"versions":["1.0.0~bzr437-0ubuntu1","1.0.0~bzr452-0ubuntu1","1.0.0~bzr475-0ubuntu1","1.0.0~bzr490-0ubuntu1","1.0.0~bzr501-0ubuntu1","1.0.0~bzr501-0ubuntu2","1.0.4-0ubuntu0.14.04.1","1.0.5-0ubuntu0.14.04.1","1.1.2-0ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.2.5-0ubuntu0.14.04.1","binary_name":"liboxideqt-qmlplugin"},{"binary_version":"1.2.5-0ubuntu0.14.04.1","binary_name":"liboxideqtcore0"},{"binary_version":"1.2.5-0ubuntu0.14.04.1","binary_name":"oxideqmlscene"},{"binary_version":"1.2.5-0ubuntu0.14.04.1","binary_name":"oxideqt-codecs"},{"binary_version":"1.2.5-0ubuntu0.14.04.1","binary_name":"oxideqt-codecs-extra"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3178"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3179"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3190"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3191"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3192"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3194"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3195"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"C
VE-2014-3197"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3199"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-3200"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-7967"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2345-1.json"}}],"schema_version":"1.7.3"}