CVE-2016-1649 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2016-1649?

CVE-2016-1649 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-1649?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Opensuse, Google Chrome.

Vulnerability Description

The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04
Opensuse	Opensuse	13.1
Google	Chrome	<= 49.0.2623.95

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2016-1649?

CVE-2016-1649 is a vulnerability with a CVSS score of 8.8 (HIGH). The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers...

How severe is CVE-2016-1649?

CVE-2016-1649 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1649?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Opensuse, Google Chrome.