CVE-2015-6781

NameCVE-2015-6781
DescriptionInteger overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3415-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersourcewheezy(unfixed)end-of-life
chromium-browsersourcejessie47.0.2526.73-1~deb8u1DSA-3415-1
chromium-browsersource(unstable)47.0.2526.73-1

Search for package or bug name: Reporting problems