Denial of Service Vulnerability in Google Chrome Products by Google
CVE-2016-1702

6.5MEDIUM

Key Information:

Vendor
Debian
Status
Debian Linux
Ubuntu Linux
Enterprise Linux Desktop
Enterprise Linux Server
Vendor
CVE Published:
5 June 2016

Summary

The SkRegion::readFromMemory function in Skia, utilized by Google Chrome, does not adequately check the interval count. This deficiency may allow remote attackers to exploit it by sending specially crafted serialized data, leading to potential denial of service through out-of-bounds read vulnerabilities.

References

http://googlechromereleases.blogspot.com/2016/06/stable-c...
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1201
vendor-advisoryx_refsource_REDHAT
https://codereview.chromium.org/1961463003
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.