9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.0%
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in
OpenJPEG, as used in PDFium, allow remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly have other unspecified
impact via crafted JPEG 2000 data.
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in
j2k.c in OpenJPEG, as used in PDFium, allows remote attackers to cause a
denial of service or possibly have other unspecified impact via crafted
JPEG 2000 data.
Blink allows remote attackers to spoof the address bar via vectors
involving a provisional URL for an initially empty document, related to
FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
The Web Cryptography API (aka WebCrypto) implementation in Blink does
not properly copy data buffers, which allows remote attackers to cause a
denial of service (use-after-free) or possibly have other unspecified
impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp
and SubtleCrypto.cpp.
The Developer Tools (aka DevTools) subsystem in Blink mishandles the
script-path hostname, remoteBase parameter, and remoteFrontendUrl
parameter, which allows remote attackers to bypass intended access
restrictions via a crafted URL.
Blink does not ensure that a taint property is preserved after a
structure-clone operation on an ImageBitmap object derived from a
cross-origin image, which allows remote attackers to bypass the Same
Origin Policy via crafted JavaScript code.
Multiple unspecified vulnerabilities allow attackers to cause a denial
of service or possibly have other unspecified impact via unknown vectors.
access.redhat.com/security/cve/CVE-2016-5139
access.redhat.com/security/cve/CVE-2016-5140
access.redhat.com/security/cve/CVE-2016-5141
access.redhat.com/security/cve/CVE-2016-5142
access.redhat.com/security/cve/CVE-2016-5143
access.redhat.com/security/cve/CVE-2016-5144
access.redhat.com/security/cve/CVE-2016-5145
access.redhat.com/security/cve/CVE-2016-5146
googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.0%