Vulnerability Details : CVE-2015-1360
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2015-1360
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1360
- 0.80%: Probability of exploitation activity in the next 30 days
- ~79%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1360
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2015-1360
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1360
- https://codereview.chromium.org/636233008
  Issue 636233008: Flush text contexts before drawing text as path - Code Review
- https://code.google.com/p/chromium/issues/detail?id=416289
  416289 - Heap-buffer-overflow in GrBufferAllocPool::putBack - chromium - Monorail
- https://code.google.com/p/chromium/issues/detail?id=449894
  449894 - Tracking bug for internal fixes: Chrome M40, release 0 - chromium - Monorail
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201502-13.xml
  Chromium: Multiple vulnerabilities (GLSA 201502-13) — Gentoo security