CVE-2015-1294

Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
googlechrome
𝑥
≤ 44.0.2403
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
wily
Fixed 45.0.2454.85-0ubuntu1.1198
released
vivid
Fixed 45.0.2454.85-0ubuntu0.15.04.1.1181
released
trusty
Fixed 45.0.2454.85-0ubuntu0.14.04.1.1097
released
precise
ignored
oxide-qt
wily
Fixed 1.9.1-0ubuntu1
released
vivid
Fixed 1.9.1-0ubuntu0.15.04.1
released
trusty
Fixed 1.9.1-0ubuntu0.14.04.2
released
precise
dne
References
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2015-1712.html
http://www.debian.org/security/2015/dsa-3351
http://www.securitytracker.com/id/1033472
https://code.google.com/p/chromium/issues/detail?id=492263
https://codereview.chromium.org/1188433011/
https://security.gentoo.org/glsa/201603-09
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2015-1712.html
http://www.debian.org/security/2015/dsa-3351
http://www.securitytracker.com/id/1033472
https://code.google.com/p/chromium/issues/detail?id=492263
https://codereview.chromium.org/1188433011/
https://security.gentoo.org/glsa/201603-09