CVE-2009-1442

EUVD-2009-1440
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 1.0.154.53
googlechrome
0.2.149.29
googlechrome
0.2.149.30
googlechrome
0.2.152.1
googlechrome
0.2.153.1
googlechrome
0.3.154.0
googlechrome
0.3.154.3
googlechrome
0.4.154.18
googlechrome
0.4.154.22
googlechrome
0.4.154.31
googlechrome
0.4.154.33
googlechrome
1.0.154.36
googlechrome
1.0.154.39
googlechrome
1.0.154.42
googlechrome
1.0.154.43
googlechrome
1.0.154.46
googlechrome
1.0.154.59
googlechrome
2.0.156.1
googlechrome
2.0.157.0
googlechrome
2.0.157.2
googlechrome
2.0.158.0
googlechrome
2.0.159.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://code.google.com/p/chromium/issues/detail?id=10736
http://code.google.com/p/skia/source/detail?r=159
http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
http://osvdb.org/54248
http://secunia.com/advisories/35014
http://www.securityfocus.com/bid/34859
http://www.securitytracker.com/id?1022175
http://www.vupen.com/english/advisories/2009/1266
http://code.google.com/p/chromium/issues/detail?id=10736
http://code.google.com/p/skia/source/detail?r=159
http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
http://osvdb.org/54248
http://secunia.com/advisories/35014
http://www.securityfocus.com/bid/34859
http://www.securitytracker.com/id?1022175
http://www.vupen.com/english/advisories/2009/1266