CVE-2015-1257 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-1257?

CVE-2015-1257 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-1257?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Google Chrome.

Vulnerability Description

platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	8.0
Google	Chrome	<= 42.0.2311.152

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-1257?

CVE-2015-1257 is a vulnerability with a CVSS score of 7.5 (HIGH). platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMat...

How severe is CVE-2015-1257?

CVE-2015-1257 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1257?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Google Chrome.