CVE-2015-6760 : The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, m

The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.

Published 2015-10-15 10:59:06

Updated 2016-12-24 02:59:34

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-6760

Probability of exploitation activity in the next 30 days: 1.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-6760

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-6760

CWE-17

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6760

https://code.google.com/p/chromium/issues/detail?id=519642

519642 - Security: Memory-safety bug in Image11::map - chromium - Monorail
http://www.securityfocus.com/bid/77071

Google Chrome 46.0.2490.71 Multiple Security Vulnerabilities

CVEs referencing this url
https://chromium.googlesource.com/angle/angle.git/+/39939686b3731eaaf6c0b639ab64db0277c72475

39939686b3731eaaf6c0b639ab64db0277c72475 - angle/angle.git - Git at Google
https://security.gentoo.org/glsa/201603-09

Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3376

Debian -- Security Information -- DSA-3376-1 chromium-browser

CVEs referencing this url
http://www.securitytracker.com/id/1033816

Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker

CVEs referencing this url
http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html

Chrome Releases: Stable Channel Update
Patch;Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1912.html

RHSA-2015:1912 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Products affected by CVE-2015-6760

Google » Chrome
Versions up to, including, (<=) 45.0.2454.101
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-6760

Exploit prediction scoring system (EPSS) score for CVE-2015-6760

CVSS scores for CVE-2015-6760

CWE ids for CVE-2015-6760

References for CVE-2015-6760

Products affected by CVE-2015-6760