CVE-2015-1295 — Use After Free in Google Chrome

CWE-416 — Use After Free5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 20.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedSep 3

Latest updateMay 17

Description

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome44.0.2403

🔴Vulnerability Details

GHSA

GHSA-c9pc-3qqh-vpm8: Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper↗2022-05-17

▶

OSV

CVE-2015-1295: Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper↗2015-09-03

▶

📋Vendor Advisories

Red Hat

chromium-browser: Use-after-free in Printing↗2015-09-01

▶

💬Community

Bugzilla

CVE-2015-1295 chromium-browser: Use-after-free in Printing↗2015-09-02

▶