CVE-2016-7395: Google Chrome vulnerability

CWE-193 documents3 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.6% (top 29.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 11
Latest update: May 17

Description

SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: google/chrome 52.0.2743.116

🔴 Vulnerability Details (2)

GHSA: GHSA-89h8-vm89-88m9: SkPath (2022-05-17)
OSV: CVE-2016-7395: SkPath (2016-09-11)