6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.037 Low
EPSS
Percentile
91.8%
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
code.google.com/p/chromium/issues/detail?id=10736
code.google.com/p/skia/source/detail?r=159
googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
osvdb.org/54248
secunia.com/advisories/35014
www.securityfocus.com/bid/34859
www.securitytracker.com/id?1022175
www.vupen.com/english/advisories/2009/1266