PT-2015-1195 · Google+4 · Google Chrome+4

Publicado

2015-05-19

Atualizado

2024-06-15

CVE-2015-1256

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 43.0.2357.65

Description The issue is caused by a use-after-free vulnerability in the SVG implementation in Blink. This vulnerability can be exploited by remote attackers using a specially crafted document, potentially leading to a denial of service or other unspecified impacts. The exploitation leverages improper handling of a shadow tree for a use element.

Recommendations For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later to resolve the issue. As a temporary workaround, consider avoiding the use of SVG documents that could leverage the improper handling of a shadow tree for a use element until a patch is applied.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2015-1589

BDU:2015-10129

CVE-2015-1256

DSA-3267-1

MGASA-2015-0235

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2015:1023

RHSA-2015_1023

USN-2610-1

Produtos afetados

Alt Linux

Google Chrome

Opera

Red Hat

Ubuntu

PT-2015-1195 · Google+4 · Google Chrome+4

CVE-2015-1256

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2469