CVE-2015-1283

 

Published at: - 23-07-2015 02:59

Last modified: - 05-07-2022 08:57

Total changes: - 5

Description

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• https://code.google.com/p/chromium/issues/detail?id=492052
• http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
• https://codereview.chromium.org/1224303003
• RHSA-2015:1499-Third Party Advisory
• DSA-3315-Third Party Advisory
• openSUSE-SU-2015:1287-Mailing List, Third Party Advisory
• DSA-3318-Third Party Advisory
• SUSE-SU-2016:1508-Mailing List, Third Party Advisory
• SUSE-SU-2016:1512-Mailing List, Third Party Advisory
• openSUSE-SU-2016:1523-Mailing List, Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• 75973-Third Party Advisory, VDB Entry
• https://source.android.com/security/bulletin/2016-11-01.html
• openSUSE-SU-2016:1441-Mailing List, Third Party Advisory
• GLSA-201603-09-Third Party Advisory
• USN-2726-1-Third Party Advisory
• GLSA-201701-21-Third Party Advisory
• 1033031-Broken Link, Third Party Advisory, VDB Entry
• https://www.tenable.com/security/tns-2016-20
• https://kc.mcafee.com/corporate/index?page=content&id=SB10365

 

Keywords

NVD

 

CVE-2015-1283

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures