CVE-2016-1681 – chromium-browser: heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-1681
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. Desbordamiento de buffer basado en memoria dinámica en la función opj_j2k_read_SPCod_SPCoc en OpenJPEG, como es usado en PDFium en Google Chrome en versiones anteriores a 51.0.2704.63, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un documento PDF manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1682 – chromium-browser: csp bypass for serviceworker
https://notcve.org/view.php?id=CVE-2016-1682
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. La función ServiceWorkerContainer::registerServiceWorkerImpl en WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.2704.63, permite a atacantes remotos eludir el mecanismo de protección Content Security Policy (CSP) a través de un registro ServiceWorker. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVE-2016-1683 – chromium-browser: out-of-bounds access in libxslt
https://notcve.org/view.php?id=CVE-2016-1683
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. numbers.c in libxslt en verisones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente los nodos de espacio de nombres, lo que permite a atacantes remotos provocar una denegación del servicio (acceso a memoria dinámica fuera de límites) o posiblemente tener otro impacto no especificado a través de un documento manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1684 – chromium-browser: integer overflow in libxslt
https://notcve.org/view.php?id=CVE-2016-1684
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. numbers.c en libxslt en versiones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente el token de formato i para datos xsl:number, lo que permite a atacantes remotos provocar una denegación del servicio (desbordamiento de entero o consumo de recursos) o posiblemente tener otro impacto no especificado a través de un documento manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05 •
CVE-2016-1685 – chromium-browser: out-of-bounds read in pdfium
https://notcve.org/view.php?id=CVE-2016-1685
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. core/fxge/ge/fx_ge_text.cpp en PDFium, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no calcula correctamente ciertos valores del índice, lo que permite a atacantes remotos provocar una denegación del servicio (lectura fuera de límites) a través de un documento PDF manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •