CVE-2015-1259 — Missing Initialization of a Variable in Google Chrome

CWE-17 CWE-456 — Missing Initialization of a Variable5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux

Timeline

PublishedMay 20

Latest updateMay 17

Description

PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome42.0.2311.152

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-rx99-8mc5-222v: PDFium, as used in Google Chrome before 43↗2022-05-17

▶

OSV

CVE-2015-1259: PDFium, as used in Google Chrome before 43↗2015-05-20

▶

📋Vendor Advisories

Red Hat

chromium-browser: Uninitialized value in PDFium.↗2015-05-19

▶

💬Community

Bugzilla

CVE-2015-1259 chromium-browser: Uninitialized value in PDFium.↗2015-05-20

▶