Heap-Based Buffer Overflow in Google Chrome's Skia Component
CVE-2016-1691

7.5HIGH

Key Information:

Vendor

Debian
Status
Debian Linux
Ubuntu Linux
Enterprise Linux Desktop
Enterprise Linux Server
Vendor
CVE Published:
5 June 2016

What is CVE-2016-1691?

A vulnerability exists in the Skia graphics library used by Google Chrome, which mishandles coincidence runs. This flaw can allow remote attackers to craft specific curves that trigger a heap-based buffer overflow, potentially resulting in a denial of service or other unspecified impacts to users. The issue is linked to the files SkOpCoincidence.cpp and SkPathOpsCommon.cpp, emphasizing the importance of applying updates and maintaining security best practices.

References

https://codereview.chromium.org/1854333002/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/90876
vdb-entryx_refsource_BID
https://crbug.com/597926
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.