CVE-2015-1227Missing Initialization of a Variable in Google Chrome

CWE-399CWE-456Missing Initialization of a Variable7 documents6 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 22.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedMar 9
Latest updateMay 17

Description

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome40.0.2214.115

🔴Vulnerability Details

3
GHSA
GHSA-qpj3-fmrx-4m5m: The DragImage::create function in platform/DragImage2022-05-17
OSV
oxide-qt vulnerabilities2015-03-10
OSV
CVE-2015-1227: The DragImage::create function in platform/DragImage2015-03-08

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2015-03-10
Red Hat
chromium-browser: Uninitialized value in blink2015-03-03

💬Community

1
Bugzilla
CVE-2015-1227 chromium-browser: Uninitialized value in blink2015-03-04