CVE-2015-1227

Description

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.

Risk Information

Base Score

8.8

MODERATE

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

1.018

Associated Vulnerability

Vulnerability	OS Platform
Update for Google Chrome (45.0.2454.101)	Windows
Update for Google Chrome x64 (45.0.2454.101)	Windows
Update for Google Chrome (48.0.2564.103)	Windows
Update for Google Chrome x64 (48.0.2564.103)	Windows
Update for Google Chrome (48.0.2564.109)	Windows
Update for Google Chrome x64 (48.0.2564.109)	Windows
Update for Google Chrome (48.0.2564.116)	Windows
Update for Google Chrome x64 (48.0.2564.116)	Windows
Update for Google Chrome (51.0.2704.103)	Windows
Update for Google Chrome x64 (51.0.2704.103)	Windows
Update for Google Chrome (51.0.2704.106)	Windows
Update for Google Chrome x64 (51.0.2704.106)	Windows
Updates for Google Chrome (66.0.3359.170)	Windows
Updates for Google Chrome (x64) (66.0.3359.170)	Windows
Updates for Google Chrome (66.0.3359.181)	Windows
Updates for Google Chrome (x64) (66.0.3359.181)	Windows
Updates for Google Chrome (67.0.3396.62)	Windows
Updates for Google Chrome (x64) (67.0.3396.62)	Windows
Updates for Google Chrome (67.0.3396.79)	Windows
Updates for Google Chrome (x64) (67.0.3396.79)	Windows
Updates for Google Chrome (67.0.3396.87)	Windows
Updates for Google Chrome (x64) (67.0.3396.87)	Windows
Google Chrome (67.0.3396.99)	Windows
Google Chrome (x64) (67.0.3396.99)	Windows
Multiple vulnerabilities fixed in Chrome 41.0.2272.76	Windows
Multiple vulnerabilities fixed in Chrome (x64) 41.0.2272.76	Windows
Multiple vulnerabilities are fixed in Google Chrome for Mac 41.0.2272.76	Mac
Update for Google Chrome (45.0.2454.101) (For Ubuntu)	Linux
Update for Google Chrome (48.0.2564.103) (For Ubuntu)	Linux
Update for Google Chrome (48.0.2564.109) (For Ubuntu)	Linux
Update for Google Chrome (48.0.2564.116) (For Ubuntu)	Linux
Update for Google Chrome (51.0.2704.103) (For Ubuntu)	Linux
Update for Google Chrome (51.0.2704.106) (For Ubuntu)	Linux
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)	Linux
Update for Google Chrome (45.0.2454.101) (For Debian)	Linux
Update for Google Chrome (48.0.2564.103) (For Debian)	Linux
Update for Google Chrome (48.0.2564.109) (For Debian)	Linux
Update for Google Chrome (48.0.2564.116) (For Debian)	Linux
Update for Google Chrome (51.0.2704.103) (For Debian)	Linux
Update for Google Chrome (51.0.2704.106) (For Debian)	Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)	Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)	Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)	Linux
Google Chrome (67.0.3396.99) (For Debian)	Linux
Multiple vulnerabilities fixed in Chrome 41.0.2272.76 (For Debian)	Linux
Update for Google Chrome (45.0.2454.101) (For Centos)	Linux
Update for Google Chrome (48.0.2564.103) (For Centos)	Linux
Update for Google Chrome (48.0.2564.109) (For Centos)	Linux
Update for Google Chrome (48.0.2564.116) (For Centos)	Linux
Update for Google Chrome (51.0.2704.103) (For Centos)	Linux
Update for Google Chrome (51.0.2704.106) (For Centos)	Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)	Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)	Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)	Linux
Google Chrome (67.0.3396.99) (For Centos)	Linux
Multiple vulnerabilities fixed in Chrome 41.0.2272.76 (For Centos)	Linux
Update for Google Chrome (45.0.2454.101) (For RedHat)	Linux
Update for Google Chrome (48.0.2564.103) (For RedHat)	Linux
Update for Google Chrome (48.0.2564.109) (For RedHat)	Linux
Update for Google Chrome (48.0.2564.116) (For RedHat)	Linux
Update for Google Chrome (51.0.2704.103) (For RedHat)	Linux
Update for Google Chrome (51.0.2704.106) (For RedHat)	Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)	Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)	Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)	Linux
Google Chrome (67.0.3396.99) (For RedHat)	Linux
Multiple vulnerabilities fixed in Chrome 41.0.2272.76 (For RedHat)	Linux
Update for Google Chrome (45.0.2454.101) (For Suse)	Linux
Update for Google Chrome (48.0.2564.103) (For Suse)	Linux
Update for Google Chrome (48.0.2564.109) (For Suse)	Linux
Update for Google Chrome (48.0.2564.116) (For Suse)	Linux
Update for Google Chrome (51.0.2704.103) (For Suse)	Linux
Update for Google Chrome (51.0.2704.106) (For Suse)	Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)	Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)	Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)	Linux
Google Chrome (67.0.3396.99) (For Suse)	Linux
Multiple vulnerabilities fixed in Chrome 41.0.2272.76 (For Suse)	Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)	Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)	Linux
Google Chrome (67.0.3396.99) (For Ubuntu)	Linux
Multiple vulnerabilities fixed in Chrome 41.0.2272.76 (For Ubuntu)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-302563	Update for Google Chrome (45.0.2454.101)
PATCH-302570	Update for Google Chrome x64 (45.0.2454.101)
PATCH-303147	Update for Google Chrome (48.0.2564.103)
PATCH-303167	Update for Google Chrome x64 (48.0.2564.103)
PATCH-303194	Update for Google Chrome (48.0.2564.109)
PATCH-303195	Update for Google Chrome x64 (48.0.2564.109)
PATCH-303196	Update for Google Chrome (48.0.2564.116)
PATCH-303222	Update for Google Chrome x64 (48.0.2564.116)
PATCH-303502	Update for Google Chrome (51.0.2704.103)
PATCH-303503	Update for Google Chrome x64 (51.0.2704.103)
PATCH-303504	Update for Google Chrome (51.0.2704.106)
PATCH-303505	Update for Google Chrome x64 (51.0.2704.106)
PATCH-307513	Updates for Google Chrome (66.0.3359.170)
PATCH-307515	Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534	Updates for Google Chrome (66.0.3359.181)
PATCH-307535	Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607	Updates for Google Chrome (67.0.3396.62)
PATCH-307608	Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641	Updates for Google Chrome (67.0.3396.79)
PATCH-307644	Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660	Updates for Google Chrome (67.0.3396.87)
PATCH-307662	Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715	Google Chrome (67.0.3396.99)
PATCH-307716	Google Chrome (x64) (67.0.3396.99)
PATCH-313038	Google Chrome (80.0.3987.122)
PATCH-313039	Google Chrome (x64) (80.0.3987.122)
PATCH-611995	Google Chrome for Mac (140.0.7339.132 , 140.0.7339.133)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234