Vulnerability Name:

CVE-2009-1442 (CCN-50365)

Assigned:2009-05-05
Published:2009-05-05
Updated:2009-05-19
Summary:Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: Exploit
http://code.google.com/p/chromium/issues/detail?id=10736

Source: CONFIRM
Type: UNKNOWN
http://code.google.com/p/skia/source/detail?r=159

Source: MITRE
Type: CNA
CVE-2009-1442

Source: CCN
Type: Google Chrome Releases Blog
Stable Update: Security Fix

Source: CONFIRM
Type: Patch, Vendor Advisory
http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html

Source: OSVDB
Type: UNKNOWN
54248

Source: CCN
Type: SA35014
Google Chrome Skia 2D Integer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35014

Source: CCN
Type: SECTRACK ID: 1022175
Google Chrome Integer Overflow in Skia 2D Graphics Lets Remote Users Execute Arbitrary Code Within the Sandboxed Browser Tab

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: OSVDB ID: 54248
Google Chrome Skia 2D Graphics Component Image Size Handling Overflow

Source: BID
Type: UNKNOWN
34859

Source: CCN
Type: BID-34859
Google Chrome Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022175

Source: VUPEN
Type: UNKNOWN
ADV-2009-1266

Source: XF
Type: UNKNOWN
chrome-skmaskcomputeImagesize-bo(50365)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version <= 1.0.154.53)
  • OR cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:2.0.159.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.55:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google chrome 0.2.149.29
    google chrome 0.2.149.30
    google chrome 0.2.152.1
    google chrome 0.2.153.1
    google chrome 0.3.154.0
    google chrome 0.3.154.3
    google chrome 0.4.154.18
    google chrome 0.4.154.22
    google chrome 0.4.154.31
    google chrome 0.4.154.33
    google chrome 1.0.154.36
    google chrome 1.0.154.39
    google chrome 1.0.154.42
    google chrome 1.0.154.43
    google chrome 1.0.154.46
    google chrome *
    google chrome 1.0.154.59
    google chrome 2.0.156.1
    google chrome 2.0.157.0
    google chrome 2.0.157.2
    google chrome 2.0.158.0
    google chrome 2.0.159.0
    google chrome 0.2.149.27
    google chrome 0.2.149.29
    google chrome 0.2.149.30
    google chrome 1.0.154.36
    google chrome 1.0.154.43
    google chrome 1.0.154.42
    google chrome 1.0.154.39
    google chrome 0.4.154.33
    google chrome 0.4.154.31
    google chrome 0.4.154.22
    google chrome 0.4.154.18
    google chrome 0.3.154.3
    google chrome 0.3.154.0
    google chrome 0.2.153.1
    google chrome 0.2.152.1
    google chrome 1.0.154.55
    google chrome 1.0.154.53