CVE-2015-1270

Published: 23/07/2015 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome prior to 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote malicious users to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

Vulnerable Product

google chrome

redhat enterprise linux server supplementary eus 6.7z

redhat enterprise linux desktop supplementary 6.0

redhat enterprise linux server supplementary 6.0

redhat enterprise linux workstation supplementary 6.0

opensuse opensuse 13.1

opensuse opensuse 13.2

debian debian linux 8.0

oracle solaris 11.3

Vendor Advisories

Debian Bug report logs - #798647 icu: CVE-2015-1270 Package: src:icu; Maintainer for src:icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 11 Sep 2015 12:45:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ic ...
Several security issues were fixed in Oxide ...
Several security issues were fixed in ICU ...
It was discovered that the International Components for Unicode (ICU) library mishandles converter names starting with x-, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. For the stable distribution (jessie), this problem has been fixed in versio ...
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a craf ...