CVE-2015-6773 : The convolution implementation in Skia, as used in Google Chrome before 47.0.252

The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data.

Published 2015-12-06 01:59:10

Updated 2017-09-14 01:29:02

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2015-6773

Google » Chrome
Versions up to, including, (<=) 46.0.2490.86
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-6773

EPSS FAQ

1.93%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-6773

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-6773

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6773

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html

[security-announce] openSUSE-SU-2015:2291-1: important: Security update

CVEs referencing this url
http://www.securityfocus.com/bid/78416

Google Chrome Prior to 47.0.2526.73 Multiple Security Vulnerabilities

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html

[security-announce] openSUSE-SU-2015:2290-1: important: Security update

CVEs referencing this url
https://code.google.com/p/chromium/issues/detail?id=491660

491660 - Heap-buffer-overflow in convolve4RowsHorizontally_SSE2 - chromium - Monorail
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2825-1

USN-2825-1: Oxide vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://security.gentoo.org/glsa/201603-09

Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security

CVEs referencing this url
http://www.securitytracker.com/id/1034298

Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Spoof Content - SecurityTracker

CVEs referencing this url
https://codereview.chromium.org/1187173005

Issue 1187173005: Plumb through out_row byte length so we can assert we stay underneath it. - Code Review
http://www.debian.org/security/2015/dsa-3415

Debian -- Security Information -- DSA-3415-1 chromium-browser

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-6773

Products affected by CVE-2015-6773

Exploit prediction scoring system (EPSS) score for CVE-2015-6773

CVSS scores for CVE-2015-6773

CWE ids for CVE-2015-6773

References for CVE-2015-6773