CVE-2009-1442

Sažetak

Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.

Reference

http://code.google.com/p/chromium/issues/detail?id=10736
http://code.google.com/p/skia/source/detail?r=159
http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
http://osvdb.org/54248
http://secunia.com/advisories/35014
http://www.securityfocus.com/bid/34859
http://www.securitytracker.com/id?1022175
http://www.vupen.com/english/advisories/2009/1266

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-05-2009 - 05:35

Objavljeno

07-05-2009 - 17:30