CVE-2015-6773
CVSS V2 High 7.5
CVSS V3 None
Description
The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data.
Overview
- CVE ID
- CVE-2015-6773
- Assigner
- cve-coordination@google.com
- Vulnerability Status
- Modified
- Published Version
- 2015-12-06T01:59:10
- Last Modified Date
- 2017-09-14T01:29:02
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 1 | OR | 46.0.2490.86 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 7.5
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.4
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2015-6773 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6773 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 08:37:27 | Added to TrackCVE | |||
| 2022-12-02 07:21:44 | security@google.com | cve-coordination@google.com | CVE Assigner | updated |
| 2022-12-02 07:21:44 | 2015-12-06T01:59Z | 2015-12-06T01:59:10 | CVE Published Date | updated |
| 2022-12-02 07:21:44 | 2017-09-14T01:29:02 | CVE Modified Date | updated | |
| 2022-12-02 07:21:44 | Modified | Vulnerability Status | updated |