Out-of-Bounds Affecting chromium-browser package, versions <43.0.2357.81-0ubuntu0.14.04.1.1089


Severity

Recommended
medium

Based on Ubuntu security rating.

Threat Intelligence

EPSS
2.11% (90th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1404-CHROMIUMBROWSER-411925
  • published20 May 2015
  • disclosed20 May 2015

Introduced: 20 May 2015

CVE-2015-1257  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade Ubuntu:14.04 chromium-browser to version 43.0.2357.81-0ubuntu0.14.04.1.1089 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream chromium-browser package and not the chromium-browser package as distributed by Ubuntu. See How to fix? for Ubuntu:14.04 relevant fixed versions and status.

platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.

CVSS Scores

version 3.1