CVE-2015-6787

Google Chrome < 46.0.2490.86 - Denial of Service

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-6787. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a heap-buffer-overflow vulnerability in PDFium (Chrome's PDF renderer) triggered by a malformed PDF file. The crash occurs in CPDF_TextObject::CalcPositionData due to an out-of-bounds read, leading to a denial-of-service condition.

Description

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39163

This exploit demonstrates a heap-buffer-overflow vulnerability in PDFium (Chrome's PDF renderer) triggered by a malformed PDF file. The crash occurs in CPDF_TextObject::CalcPositionData due to an out-of-bounds read, leading to a denial-of-service condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: PDFium (Chrome PDF renderer)
No auth needed
Prerequisites: A malformed PDF file to trigger the heap overflow
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39165

This exploit demonstrates a stack-based buffer overflow in PDFium (Chrome's PDF renderer) via a crafted PDF file, leading to a crash and potential remote code execution. The PoC includes a PDF file that triggers the vulnerability during rendering.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PDFium (Chrome PDF renderer)
No auth needed
Prerequisites: A target system with a vulnerable version of PDFium/Chrome
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39162

This exploit demonstrates a heap-buffer-overflow vulnerability in PDFium, the Chrome PDF renderer, which can be triggered by a malformed PDF file. The crash occurs in the `CPDF_DIBSource::DownSampleScanline32Bit` function, leading to a potential denial-of-service (DoS) condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: PDFium (Chrome PDF renderer)
No auth needed
Prerequisites: A malformed PDF file to trigger the heap-buffer-overflow
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39162/
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2825-1
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201603-09
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034298
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39163/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39165/

Scores

EPSS 0.0852
EPSS Percentile 94.3%

Details

Status published
Products (1)
google/chrome < 46.0.2490.86
Published Dec 06, 2015
Tracked Since Feb 18, 2026