PT-2015-5191 · Google+9 · Google Chrome+9

Published: 2015-07-21 · Updated: 2025-01-13 · CVE-2015-1283

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Expat versions through 2.1.0
Google Chrome versions prior to 44.0.2403.89

Description

The issue is caused by multiple integer overflows in the XML_GetBuffer function in Expat. Remote attackers can exploit them via crafted XML data to cause a denial of service (heap-based buffer overflow) or possibly have other unspecified impacts.

Recommendations

For Expat versions through 2.1.0, update to a version later than 2.1.0 to resolve the issue.
For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue.

Exploit

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1729
ALT-PU-2017-2088
ALT-PU-2017-2598
ALT-PU-2017-2851
CVE-2015-1283
DLA-281-1
DSA-3315-1
DSA-3318-1
DSA-3582-1
MGASA-2015-0285
OPENSUSE-SU-2015_1287-1
OPENSUSE-SU-2016_1441-1
OPENSUSE-SU-2016_1523-1
OPENSUSE-SU-2024:10077-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
PSF-2015-1
RHSA-2015:1499
RHSA-2015_1499
SUSE-SU-2016:1508-1
SUSE-SU-2016:1512-1
SUSE-SU-2016_1508-1
SUSE-SU-2016_1512-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-2677-1
USN-2726-1
USN-3013-1
USN-4772-1
USN-5455-1
USN-7199-1

Affected Products

ALT Linux
Debian
Expat
Google Chrome
Linux Mint
Opera
Red Hat
SUSE
Ubuntu
iTunes