NVD

Id
17999  
Name
CVE-2016-1649  
Description
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-03-29  
Modified Date
2016-12-02  
Seq
2016-1649  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
98752 17999 CVE-2016-1649 http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html  View
98753 17999 CVE-2016-1649 openSUSE-SU-2016:0929  View
98754 17999 CVE-2016-1649 openSUSE-SU-2016:0930  View
98755 17999 CVE-2016-1649 openSUSE-SU-2016:1059  View
98756 17999 CVE-2016-1649 RHSA-2016:0525  View
98757 17999 CVE-2016-1649 DSA-3531  View
98758 17999 CVE-2016-1649 1035423  View
98759 17999 CVE-2016-1649 USN-2955-1  View
98760 17999 CVE-2016-1649 http://www.zerodayinitiative.com/advisories/ZDI-16-224  View
98761 17999 CVE-2016-1649 https://chromium-review.googlesource.com/334448  View
98762 17999 CVE-2016-1649 https://code.google.com/p/chromium/issues/detail?id=595836  View
98763 17999 CVE-2016-1649 GLSA-201605-02  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1149 JVNDB-2016-001922 Google Chrome で使用される libANGLE の Program.cpp におけるサービス運用妨害 (DoS) の脆弱性 Google Chrome で使用される libANGLE の Program.cpp 内の Program::getUniformInternal 関数は、特定のデータ型の不一致を適切に処理しないため、サービス運用妨害 (バッファオーバーフロー) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。 CVE-2016-1649 88155 CVE-2016-1649 17999 9.3 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001922.html 2016-03-24 2016-03-30 View