Data Processing Errors

CVE-2015-1270

Medium

6.8/10

Summary

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-19 - Data Processing Errors

Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

References

Advisory Timeline

Published Jul 23, 2015

Data Processing Errors

CVE-2015-1270

Summary

CWE-19 - Data Processing Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS