CVE-2019-1153

LOW

Description

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148.

References

http://packetstormsecurity.com/files/154098/Microsoft-Font-Subsetting-DLL-FixSbitSubTableFormat1-Out-Of-Bounds-Read.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1153

Details

Source: MITRE

Published: 2019-08-14

Updated: 2019-08-19

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM