CVE-2024-21640 - Unspecified vulnerability in Chromiumembedded Chromium Embedded Framework

CVSS 9.6 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: HIGH

Summary

Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications. `CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to an out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.

Vulnerable Configurations

Part: Application
Description: Chromiumembedded
Count: 1