CVE-2016-1691

CWE-119Buffer Overflow8 documents7 sources
Severity
7.5HIGH
EPSS
1.2%
top 20.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Google ChromeCanonical Ubuntu LinuxDebian Debian Linux+6 more
Timeline
PublishedJun 5
Latest updateMay 14

Description

Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages8 packages

NVDgoogle/chrome50.0.2661.102
Ubuntuoxide-qt< 1.15.7-0ubuntu0.14.04.1+1
Ubuntuchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121+1
NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Linux Enterprise 12.0, Ubuntu Linux 14.04, 15.10, 16.04

🔴Vulnerability Details

3
GHSA
GHSA-qx8h-g997-fj2w: Skia, as used in Google Chrome before 512022-05-14
CVEList
CVE-2016-1691: Skia, as used in Google Chrome before 512016-06-05
OSV
CVE-2016-1691: Skia, as used in Google Chrome before 512016-05-31

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-06-06
Red Hat
chromium-browser: heap buffer-overflow in skia2016-05-25

💬Community

2
Bugzilla
CVE-2016-1691 chromium-browser: heap buffer-overflow in skia2016-05-26
Bugzilla
CVE-2016-2116 jasper: memory leak in jas_iccprof_createfrombuf()2016-03-03
CVE-2016-1691 (HIGH CVSS 7.5) | cvebase.io