CVE-2016-1649
Google Chrome libANGLE glGetUniformfv Buffer Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
La función Program::getUniformInternal en Program.cpp en libANGLE, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no maneja adecuadamente ciertos tipos de datos que no coinciden, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de etapas de shader manipuladas.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the libANGLE library. The issue lies in the failure to safely copy data from buffers of disparate types. An attacker can leverage this vulnerability to execute code within the context of the GPU process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-12 CVE Reserved
- 2016-03-27 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html | X_refsource_confirm | |
| http://www.securitytracker.com/id/1035423 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-224 | X_refsource_misc |
|
| https://chromium-review.googlesource.com/334448 | X_refsource_confirm | |
| https://code.google.com/p/chromium/issues/detail?id=595836 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 49.0.2623.95 Search vendor "Google" for product "Chrome" and version " <= 49.0.2623.95" | - |
Affected
| ||||||