Lucene search

[email protected]CVE-2015-1262

HistoryMay 20, 2015 - 10:59 a.m.

CVE-2015-1262

2015-05-2010:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve-2015-1262

nvd

google chrome

harfbuzzshaper

unicode

denial of service

remote attack

6.9 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.

CPENameOperatorVersion
google:chromegoogle chromele42.0.2311.152
debian:debian_linuxdebian debian linuxeq8.0

CPE	Name	Operator	Version
google:chrome	google chrome	le	42.0.2311.152
debian:debian_linux	debian debian linux	eq	8.0

References

googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

lists.opensuse.org/opensuse-updates/2015-05/msg00091.html

lists.opensuse.org/opensuse-updates/2015-11/msg00015.html

www.debian.org/security/2015/dsa-3267

www.securityfocus.com/bid/74723

www.securitytracker.com/id/1032375

code.google.com/p/chromium/issues/detail?id=476647

security.gentoo.org/glsa/201506-04

src.chromium.org/viewvc/blink?revision=194541&view=revision

6.9 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2015-1262

prion1 debiancve1 ubuntucve1 openvas8 nessus9 ubuntu1 mageia1 debian2 chrome1 threatpost1 securityvulns2 freebsd1 redhat1 kaspersky1 osv1 gentoo1