Information disclosure

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to...

CVE-2015-0076

CVE-2015-0076 affects the Microsoft Windows Photo Decoder component across Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 (Gold/R2) and Windows RT/8.1. The vulnerability stems from not properly initializing memory when rendering JPEG XR (.JXR) images, allowin...

CVE-2015-0080

CVE-2015-0080 affects multiple Windows platforms (Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012) where memory is not properly initialized when rendering certain malformed PNG images, enabling a remote att...

Design/Logic Flaw

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

CVE-2015-1227

Removed by vendor...

CVE-2015-1227

The CVE-2015-1227 issue affects Google Chrome’s Blink rendering engine (DragImage::create in platform/DragImage.cpp). The root cause is uninitialized memory used for image drawing, as reported for Chrome versions prior to 41.0.2272.76. This memory initialization flaw could allow a remote attacker...

Google Chrome Blink Arbitrary Code Execution Vulnerability

Google Chrome is a web browsing tool developed by Google. A security vulnerability in the 'DragImage::create' function in the platform/DragImage.cpp file in Blink used in versions prior to Google Chrome 41.0.2272.76 stems from the program failing to properly initialize memory for image drawing. A...

Google Chrome CSS Token Sequence Denial of Service Vulnerability

Google Chrome is a popular WEB browser. The 'RenderCounter::updateCounter' function in the core/rendering/RenderCounter.cpp file in Blink used by Google Chrome has a security vulnerability due to the program's failure to Because the program fails to enforce relayout operations and fails to proper...

CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...

UBUNTU-CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service...

CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service...

KLA10589 Multiple vulnerabilities in Microsoft products

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, cause denial of service or obtain sensitive information. Below is a complete list of vulnerabilities 1. Improper memory...

MGASA-2015-0047 Updated icu packages fix security vulnerabilities

Updated icu packages fix security vulnerabilities: The Regular Expressions package in International Components for Unicode ICU 52 before SVN revision 292944 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a...

CVE-2014-7942

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVE-2014-7940

The collator implementation in i18n/ucol.cpp in International Components for Unicode ICU 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have...

Design/Logic Flaw

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVE-2014-7942

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVE-2014-7940

CVE-2014-7940 affects ICU 52 and derived Chrome builds; the collator in i18n/ucol.cpp does not initialize memory for a data structure, enabling denial of service or unspecified impact via crafted input. Public-module details: linked advisories show remediation by upgrading ICU to newer releases (...

CVE-2014-7942

Removed by vendor...