Lucene search

K

[email protected]NVD:CVE-2015-1257

HistoryMay 20, 2015 - 10:59 a.m.

CVE-2015-1257

2015-05-2010:59:09

CWE-119

[email protected]

web.nvd.nist.gov

2

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

Node

googlechromeRange≤42.0.2311.152

References

googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

lists.opensuse.org/opensuse-updates/2015-05/msg00091.html

lists.opensuse.org/opensuse-updates/2015-11/msg00015.html

www.debian.org/security/2015/dsa-3267

www.securityfocus.com/bid/74723

www.securitytracker.com/id/1032375

code.google.com/p/chromium/issues/detail?id=468519

security.gentoo.org/glsa/201506-04

src.chromium.org/viewvc/blink?view=rev&revision=193571

src.chromium.org/viewvc/blink?view=rev&revision=193911

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

Related for NVD:CVE-2015-1257

prion1 cvelist1 ubuntucve1 cve1 debiancve1 ubuntu1 nessus9 openvas8 archlinux1 mageia1 threatpost1 debian2 redhat1 freebsd1 securityvulns2 chrome1 osv1 kaspersky1 gentoo1