CVE-2009-1442

medium

Description

Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.

References

http://code.google.com/p/chromium/issues/detail?id=10736

http://code.google.com/p/skia/source/detail?r=159

http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html

http://osvdb.org/54248

http://secunia.com/advisories/35014

http://www.securityfocus.com/bid/34859

http://www.securitytracker.com/id?1022175

http://www.vupen.com/english/advisories/2009/1266

Details

Source: MITRE

Published: 2009-05-07

Updated: 2009-05-19

Type: CWE-189

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM