Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1441

Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.

Published

2009-05-07T17:30:04.780

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application google chrome ≤ 1.0.154.53 Yes
Application google chrome 0.2.149.29 Yes
Application google chrome 0.2.149.30 Yes
Application google chrome 0.2.152.1 Yes
Application google chrome 0.2.153.1 Yes
Application google chrome 0.3.154.0 Yes
Application google chrome 0.3.154.3 Yes
Application google chrome 0.4.154.18 Yes
Application google chrome 0.4.154.22 Yes
Application google chrome 0.4.154.31 Yes
Application google chrome 0.4.154.33 Yes
Application google chrome 1.0.154.36 Yes
Application google chrome 1.0.154.39 Yes
Application google chrome 1.0.154.42 Yes
Application google chrome 1.0.154.43 Yes
Application google chrome 1.0.154.46 Yes
Application google chrome 1.0.154.59 Yes
References