Description
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.
References (13)
Core 13
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1485.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3637
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92053
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036428
Issue Tracking x_refsource_confirm
https://crbug.com/614934
Patch x_refsource_confirm
https://github.com/googlei18n/sfntly/commit/468cad540fa1b0027cad60456f53feabecdce2bc
Patch x_refsource_confirm
https://github.com/googlei18n/sfntly/commit/c56b85408bab232efd7e650f0994272a174e3b92
Issue Tracking x_refsource_confirm
https://github.com/googlei18n/sfntly/pull/56
Scores
CVSS v3
8.8
EPSS
0.0148
EPSS Percentile
70.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
google/chrome
< 51.0.2704.106
google/sfntly
Published
Jul 23, 2016
Tracked Since
Feb 18, 2026