libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
Max CVSS
4.3
EPSS Score
1.33%
Published
2010-12-07
Updated
2017-09-19
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
Max CVSS
10.0
EPSS Score
4.29%
Published
2010-11-06
Updated
2020-07-31
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
Max CVSS
9.8
EPSS Score
0.52%
Published
2010-11-06
Updated
2020-07-31
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Max CVSS
4.3
EPSS Score
0.17%
Published
2010-11-17
Updated
2020-06-04
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.46%
Published
2010-10-05
Updated
2020-08-03
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.8
EPSS Score
0.24%
Published
2010-09-16
Updated
2020-08-04
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.29%
Published
2010-09-16
Updated
2020-07-31
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.
Max CVSS
10.0
EPSS Score
0.29%
Published
2010-09-16
Updated
2021-09-08
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.3
EPSS Score
2.83%
Published
2010-09-07
Updated
2020-08-04
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.54%
Published
2010-09-07
Updated
2020-08-04
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.23%
Published
2010-09-07
Updated
2020-08-04
Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.41%
Published
2010-08-24
Updated
2020-08-03
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.66%
Published
2010-08-24
Updated
2020-08-04
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.
Max CVSS
10.0
EPSS Score
0.78%
Published
2010-08-24
Updated
2020-08-04
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.17%
Published
2010-08-24
Updated
2020-08-03
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
0.32%
Published
2010-07-28
Updated
2020-08-05
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
2.64%
Published
2010-07-28
Updated
2020-08-04
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.3
EPSS Score
0.27%
Published
2010-07-06
Updated
2020-08-07
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.3
EPSS Score
1.70%
Published
2010-07-06
Updated
2020-08-07
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
Max CVSS
9.3
EPSS Score
3.17%
Published
2010-07-06
Updated
2020-08-10
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
2.04%
Published
2010-05-03
Updated
2017-09-19
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
Max CVSS
5.0
EPSS Score
2.18%
Published
2010-05-03
Updated
2017-09-19
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Max CVSS
9.8
EPSS Score
70.79%
Published
2010-06-30
Updated
2020-08-14
Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages.
Max CVSS
9.3
EPSS Score
0.18%
Published
2010-02-18
Updated
2017-09-19
Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file.
Max CVSS
9.3
EPSS Score
0.30%
Published
2010-01-15
Updated
2011-08-08
25 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!