CVE-2016-1624 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Brotli

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

8.8HIGHNVD

EPSS

1.4%

top 19.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Brotli Google Chrome Debian Linux +1 more

Timeline

PublishedFeb 14

Latest updateMay 14

Description

Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/brotli< brotli 0.3.0+dfsg-3 (bookworm)

▶NVDgoogle/chrome48.0.2564.103

▶NVDopensuse/opensuse13.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-5mx7-hhwx-7mq8: Integer underflow in the ProcessCommandsInternal function in dec/decode↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2016-02-18

▶

OSV

CVE-2016-1624: Integer underflow in the ProcessCommandsInternal function in dec/decode↗2016-02-14

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-02-18

▶

Red Hat

chromium-browser: buffer overflow in Brotli↗2016-02-09

▶

Debian

CVE-2016-1624: brotli - Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Bro...↗2016

▶

💬Community

Bugzilla

CVE-2016-1624 chromium-browser: buffer overflow in Brotli↗2016-02-10

▶