Vulnerability CVE-2015-1359

Vulnerability CVE-2015-1359

Published: 2015-01-27 Modified: 2015-01-28

Description:

Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205.

Type:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Google -> Chrome

References:

https://codereview.chromium.org/656463006

https://code.google.com/p/chromium/issues/detail?id=449894

https://code.google.com/p/chromium/issues/detail?id=421196

http://googlechromereleases.blogspot.com/2015/01/stable-update.html

Copyright 2024, cxsecurity.com