Three vulnerabilities in NVIDIA graphics driver could cause memory corruption

Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post. Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIAs graphics cards. The driver is vulnerable to memory corruption if an adversary sends...

NVIDIA D3D10 Driver Shader Functionality dcl_input index memory corruption vulnerability

Talos Vulnerability Report TALOS-2023-1720 NVIDIA D3D10 Driver Shader Functionality dclinput index memory corruption vulnerability August 10, 2023 CVE Number CVE-2022-34671 SUMMARY A memory corruption vulnerability exists in the Shader Functionality of NVIDIA D3D10 Driver NVIDIA D3D10 Driver,...

The vulnerability of Google Chrome’s WebGL component allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of Google Chrome’s WebGL component is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by loading a specially created web page...

Chromium: CVE-2023-4072 Out of bounds read and write in WebGL

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Denial Of Service (DoS)

firefox and thunderbird are vulnerable to Denial of Service DoS attacks. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could read data from outside of the allocated memory space which could lead to a crash...

Denial Of Service (DoS)

chromium is vulnerable to Denial Of Service DoS. The vulnerability exists due to the out of bounds read and write in the WebGL, allowing an attacker to exploit heap corruption via a crafted HTML page...

Use-After-Free

firefox and thunderbird are vulnerable to Use-After-Free. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could free memory that is still in use. This could lead to a crash or arbitrary code execution...

Denial Of Service (DoS)

firefox and thunderbird are vulnerable to Denial of Service DoS attacks. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could corrupt memory and crash which could lead to a denial-of-service attack...

Arbitrary Code Execution

firefox is vulnerable to Arbitrary Code Execution. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could free memory that is still in use which could lead to a crash or arbitrary code execution...

Authorization Bypass

firefox and thunderbird are vulnerable to Authorization Bypasses. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is invalid, Firefox could misinterpret the data in the program and cause a type confusion error, which could lead to bypass...

Arbitrary Code Execution

chromium is vulnerable to Arbitrary Code Execution. The vulnerability occurs when chrome parses a specially crafted WebGL program. If the program is valid, chrome could free memory that is still in use which could lead to a crash or arbitrary code execution...

Use After Free

firefox is vulnerable to Use After Free. This vulnerability occurs when Firefox parses a specially crafted WebGL program. If the program is valid, Firefox could free memory that is still in use. This could lead to a crash or arbitrary code execution...

Google Chrome Code Execution Vulnerability (CNVD-2023-63468)

Google Chrome is a web browser from the American company Google. Google Chrome suffers from a code execution vulnerability that is caused by out-of-bounds reads and writes in WebGL. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to crash...

SUSE CVE-2023-4072

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2023-4072

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2023-4072

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2023-4072

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Design/Logic Flaw

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2023-4072

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2023-4072

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...