|Description||Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 220.127.116.11, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|NVD severity||high (attack range: remote)|
|Debian/oldstable||packages chromium-browser, libv8 are vulnerable. |
|Debian/stable||package libv8 is vulnerable. |
|Debian/testing||package libv8-3.14 is vulnerable; however, the security impact is unimportant.|
|Debian/unstable||package libv8-3.14 is vulnerable; however, the security impact is unimportant.|
Vulnerable and fixed packages
The table below lists information on source packages.
|chromium-browser (PTS)||squeeze (security), squeeze||6.0.472.63~r59945-5+squeeze6||vulnerable|
|wheezy, wheezy (security)||37.0.2062.120-1~deb7u1||fixed|
|libv8-3.14 (PTS)||jessie, sid||18.104.22.168-8.1||vulnerable|
The information above is based on the following data on fixed versions.
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
libv8 not covered by security support