CVE-2015-1238 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.5HIGHNVD

OSV5.0

EPSS

1.8%

top 17.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Canonical Ubuntu Linux Debian Linux

Timeline

PublishedApr 19

Latest updateMay 17

Description

Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome42.0.2311.60

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 14.10, 15.04

🔴Vulnerability Details

GHSA

GHSA-qwm3-j3m5-fj24: Skia, as used in Google Chrome before 42↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-04-27

▶

OSV

CVE-2015-1238: Skia, as used in Google Chrome before 42↗2015-04-19

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-04-27

▶

Red Hat

chromium-browser: Out-of-bounds write in Skia↗2015-04-14

▶

💬Community

Bugzilla

CVE-2015-1238 chromium-browser: Out-of-bounds write in Skia↗2015-04-15

▶