CVE-2009-1442

Exploit

EPSS 4.77%
Veröffentlicht 07.05.2009 17:30:04
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 1.0.154.53

Google ≫ Chrome Version0.2.149.29

Google ≫ Chrome Version0.2.149.30

Google ≫ Chrome Version0.2.152.1

Google ≫ Chrome Version0.2.153.1

Google ≫ Chrome Version0.3.154.0

Google ≫ Chrome Version0.3.154.3

Google ≫ Chrome Version0.4.154.18

Google ≫ Chrome Version0.4.154.22

Google ≫ Chrome Version0.4.154.31

Google ≫ Chrome Version0.4.154.33

Google ≫ Chrome Version1.0.154.36

Google ≫ Chrome Version1.0.154.39

Google ≫ Chrome Version1.0.154.42

Google ≫ Chrome Version1.0.154.43

Google ≫ Chrome Version1.0.154.46

Google ≫ Chrome Version1.0.154.59

Google ≫ Chrome Version2.0.156.1

Google ≫ Chrome Version2.0.157.0

Google ≫ Chrome Version2.0.157.2

Google ≫ Chrome Version2.0.158.0

Google ≫ Chrome Version2.0.159.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.77%	0.884

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html

Patch

Vendor Advisory

http://secunia.com/advisories/35014

http://www.securityfocus.com/bid/34859

http://www.vupen.com/english/advisories/2009/1266

http://code.google.com/p/chromium/issues/detail?id=10736

Exploit

http://code.google.com/p/skia/source/detail?r=159

http://osvdb.org/54248

http://www.securitytracker.com/id?1022175

https://nvd.nist.gov/vuln/detail/CVE-2009-1442

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1442

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1442

EUVD