CVE-2015-8664 - OpenCVE

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

References

Link	Resource
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
http://www.securityfocus.com/bid/79686
http://www.securitytracker.com/id/1034491
http://www.ubuntu.com/usn/USN-2860-1
https://code.google.com/p/chromium/issues/detail?id=565023
https://code.google.com/p/chromium/issues/detail?id=569486
https://codereview.chromium.org/1498903003

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2015-12-24T02:00:00

Updated: 2016-12-05T14:57:01

Reserved: 2015-12-23T00:00:00

Link: CVE-2015-8664

JSON object: View

NVD Information

Status : Modified

Published: 2015-12-24T03:59:01.143

Modified: 2023-11-07T02:28:38.157

Link: CVE-2015-8664

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html"}, {"name": "1034491", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034491"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=569486"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=565023"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.chromium.org/1498903003"}, {"name": "USN-2860-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2860-1"}, {"name": "79686", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/79686"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2015-8664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html"}, {"name": "1034491", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034491"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=569486", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=569486"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=565023", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=565023"}, {"name": "https://codereview.chromium.org/1498903003", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/1498903003"}, {"name": "USN-2860-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2860-1"}, {"name": "79686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79686"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-8664", "datePublished": "2015-12-24T02:00:00", "dateReserved": "2015-12-23T00:00:00", "dateUpdated": "2016-12-05T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "27BA9DAB-BD1B-48EC-A622-AA702BE4FA0E", "versionEndIncluding": "47.0.2526.80", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n the WebCursor::Deserialize en content/common/cursors/webcursor.cc en Google Chrome en versiones anteriores a la 47.0.2526.106 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de un array de pixel RGBA con dimensiones manipuladas, una vulnerabilidad diferente a CVE-2015-6792."}], "id": "CVE-2015-8664", "lastModified": "2023-11-07T02:28:38.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-12-24T03:59:01.143", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/79686"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1034491"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2860-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=565023"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=569486"}, {"source": "chrome-cve-admin@google.com", "url": "https://codereview.chromium.org/1498903003"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}