CVE-2015-1257 Information
Description
platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.
Reference
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
http://www.debian.org/security/2015/dsa-3267
http://www.securityfocus.com/bid/74723
http://www.securitytracker.com/id/1032375
https://code.google.com/p/chromium/issues/detail?id=468519
https://security.gentoo.org/glsa/201506-04
https://src.chromium.org/viewvc/blink?view=rev&revision=193571
https://src.chromium.org/viewvc/blink?view=rev&revision=193911