Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:45413
HistoryFeb 08, 2024 - 1:01 p.m.

Heap Buffer Overflow

2024-02-0813:01:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
chromium
buffer overflow
skia graphics
google chrome
remote attacker
heap corruption
html page
vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

36.3%

chromium (sid) is vulnerability of Heap buffer overflow. The vulnerability due to write more data to a heap-allocated buffer in the Skia graphics library, which is used in Google Chrome. It allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

36.3%