CVE-2015-6787 – pdfium - CPDF_Function::Call Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-6787
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 47.0.2526.73 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Pdfium suffers from a heap-based out-of-bounds read in CPDF_DIBSource:DownSampleScanline32Bit. • https://www.exploit-db.com/exploits/39165 https://www.exploit-db.com/exploits/39162 https://www.exploit-db.com/exploits/39163 http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id= •
CVE-2015-6777 – chromium-browser: Use-after-free in DOM
https://notcve.org/view.php?id=CVE-2015-6777
Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOMCharacterDataModified events for certain detached-subtree insertions. Vulnerabilidad de uso después de liberación de memoria en la función ContainerNode::notifyNodeInsertedInternal en WebKit/Source/core/dom/ContainerNode.cpp en la implementación del DOM en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con eventos DOMCharacterDataModified para ciertas inserciones separadas del subárbol. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id=544020 https://codereview.chromium.org/1420653003& • CWE-416: Use After Free •
CVE-2015-6776 – chromium-browser: Out of bounds access in PDFium
https://notcve.org/view.php?id=CVE-2015-6776
The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform. Las funciones opj_dwt_decode_1* en dwt.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 47.0.2526.73, permite a atacantes remotos causar una denegación de servicio (acceso a array fuera de rango) o posiblemente tener otro impacto no especificado a través de datos JPEG 2000 manipulados que no son manejados correctamente durante una transformación wavelet discreta. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 https://code.google.com/p/chromium/issues/detail?id=457480 https://codereview.chromium.org/1416783002 https://codereview.chromium.org/1416783002/di • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6778 – chromium-browser: Out of bounds access in PDFium
https://notcve.org/view.php?id=CVE-2015-6778
The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2 compression. La clase CJBig2_SymbolDict en fxcodec/jbig2/JBig2_SymbolDict.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, permite a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango) o posiblemente tener otro impacto no especificado a través de un documento PDF que contiene datos manipulados con compresión JBIG2. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 https://code.google.com/p/chromium/issues/detail?id=514891 https://codereview.chromium.org/1388203003 https://security.gentoo.org/glsa/201603-0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6766 – chromium-browser: Use-after-free in AppCache
https://notcve.org/view.php?id=CVE-2015-6766
Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection. Vulnerabilidad de uso después de liberación de memoria en la implementación de AppCache en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos con acceso renderer causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del comportamiento incorrecto de AppCacheUpdateJob asociado con la selección de caché duplicada. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id=551044 https://codereview.chromium.org/1418783005& • CWE-416: Use After Free •