CVE-2009-1441

Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
googlechrome
𝑥
≤ 1.0.154.53
googlechrome
0.2.149.29
googlechrome
0.2.149.30
googlechrome
0.2.152.1
googlechrome
0.2.153.1
googlechrome
0.3.154.0
googlechrome
0.3.154.3
googlechrome
0.4.154.18
googlechrome
0.4.154.22
googlechrome
0.4.154.31
googlechrome
0.4.154.33
googlechrome
1.0.154.36
googlechrome
1.0.154.39
googlechrome
1.0.154.42
googlechrome
1.0.154.43
googlechrome
1.0.154.46
googlechrome
1.0.154.59
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://code.google.com/p/chromium/issues/detail?id=10869
http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
http://osvdb.org/54288
http://secunia.com/advisories/35014
http://www.securityfocus.com/bid/34859
http://www.securitytracker.com/id?1022174
http://www.vupen.com/english/advisories/2009/1266
https://exchange.xforce.ibmcloud.com/vulnerabilities/50362
http://code.google.com/p/chromium/issues/detail?id=10869
http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
http://osvdb.org/54288
http://secunia.com/advisories/35014
http://www.securityfocus.com/bid/34859
http://www.securitytracker.com/id?1022174
http://www.vupen.com/english/advisories/2009/1266
https://exchange.xforce.ibmcloud.com/vulnerabilities/50362