CVE-2016-7395 Information
Feb 14, 2021
cve
Description
SkPath.cpp in Skia as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate the return values of ChopMonoAtY calls which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://www.debian.org/security/2016/dsa-3667 http://www.securityfocus.com/bid/92717 https://codereview.chromium.org/2006143009 https://crbug.com/613918 https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: