Lucene search
K

101 matches found

OSV
OSV
added 2018/11/14 3:29 p.m.6 views

CVE-2018-6077

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01523EPSS
Exploits0References5
OSV
OSV
added 2018/11/14 3:29 p.m.4 views

UBUNTU-CVE-2018-6077

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7AI score0.01523EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/11/14 3:29 p.m.19 views

CVE-2018-6077

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7AI score0.01523EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/11/14 3:0 p.m.29 views

CVE-2018-6077

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.4AI score0.01523EPSS
Exploits0References5
CVE
CVE
added 2018/11/14 3:0 p.m.129 views

CVE-2018-6077

CVE-2018-6077 is a Chrome/Blink vulnerability described as a timing attack in SVG filters. Displacement map filters applied to cross-origin images could leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (Blink SVG rendering). Root cause: timing issue in SVG filter pr...

6.5CVSS6.2AI score0.01523EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2018/11/14 3:0 p.m.42 views

CVE-2018-6077

Removed by vendor...

6.5CVSS8AI score0.01523EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/03/12 6:21 p.m.7 views

chromium-browser: timing attack using svg filters

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01523EPSS
Exploits0References5
NVD
NVD
added 2017/10/27 5:29 a.m.14 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.3CVSS5.2AI score0.01652EPSS
Exploits0References6
OSV
OSV
added 2017/10/27 5:29 a.m.2 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.3CVSS6.7AI score0.01652EPSS
Exploits0References6
Prion
Prion
added 2017/10/27 5:29 a.m.17 views

Input validation

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

2.6CVSS5.5AI score0.01652EPSS
Exploits0References6Affected Software4
OSV
OSV
added 2017/10/27 5:29 a.m.6 views

UBUNTU-CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.3CVSS6.7AI score0.01652EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/10/27 5:29 a.m.28 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.3CVSS6.8AI score0.01652EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/10/27 5:0 a.m.23 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.8AI score0.01652EPSS
Exploits0References6
CVE
CVE
added 2017/10/27 5:0 a.m.111 views

CVE-2017-5107

The CVE-2017-5107 entry describes a timing-based information disclosure in Google Chrome's SVG rendering prior to 60.0.3112.78, enabling a remote attacker to extract pixel values from a cross-origin page loaded in an iframe on Linux/Windows/macOS. The connected sources corroborate Chrome/Chromium...

5.3CVSS5.6AI score0.01652EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2017/10/27 5:0 a.m.40 views

CVE-2017-5107

Removed by vendor...

5.3CVSS7.4AI score0.01652EPSS
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/09/08 9:57 a.m.21 views

Lazy async SVG rasterisation

Phwoar I love a good sciency-sounding title. SVG can be slow When transforming an SVG image, browsers try to render on every frame to keep the image as sharp as possible. Unfortunately SVG rendering can be slow, especially for non-trivial images. Here's a demo, press "Scale SVG". Devtools timelin...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/08/24 6:45 a.m.8 views

Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.8CVSS7.5AI score0.04187EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/08/10 11:20 p.m.9 views

Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.8CVSS7.5AI score0.04187EPSS
Exploits1References5
OSV
OSV
added 2017/08/10 12:0 a.m.5 views

UBUNTU-CVE-2017-7806

A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox 55...

7.5CVSS7.2AI score0.02025EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2017/07/26 9:52 a.m.23 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.3CVSS3.6AI score0.01652EPSS
Exploits0References2
Rows per page
Query Builder