CVE-2019-5785 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write CWE-190 — Integer Overflow or Wraparound11 documents7 sources

Severity

6.5MEDIUMNVD

OSV5.5

EPSS

0.4%

top 40.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Mozilla Thunderbird Debian Firefox +2 more

Timeline

PublishedJun 27

Latest updateMay 24

Description

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5google/chromeunspecified — 72.0.3626.81

▶NVDgoogle/chrome< 72.0.3626.81

▶debiandebian/firefox< firefox 65.0.1-1 (sid)

▶debiandebian/firefox-esr< firefox 65.0.1-1 (sid)

▶debiandebian/thunderbird< firefox 65.0.1-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-qvc8-jrj2-3cc3: Incorrect convexity calculations in Skia in Google Chrome prior to 72↗2022-05-24

▶

OSV

CVE-2019-5785: Incorrect convexity calculations in Skia in Google Chrome prior to 72↗2019-06-27

▶

OSV

thunderbird vulnerabilities↗2019-02-26

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2019-02-26

▶

Ubuntu

Thunderbird vulnerabilities↗2019-02-26

▶

Red Hat

mozilla: Integer overflow in Skia↗2019-02-12

▶

Debian

CVE-2019-5785: firefox - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 ...↗2019

▶

💬Community

Bugzilla

CVE-2019-5785 thunderbird: mozilla: Integer overflow in Skia [fedora-all]↗2019-02-13

▶

Bugzilla

CVE-2019-5785 mozilla: Integer overflow in Skia↗2019-02-13

▶

Bugzilla

CVE-2019-5785 firefox: mozilla: Integer overflow in Skia [fedora-all]↗2019-02-13

▶