Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1794

Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions.

Related bugs and status

CVE-2011-1794 (Candidate) is related to these bugs:

Bug #778822: 11.0.696.57 -> 11.0.696.65

		In	Importance	Status
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Lucid)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Maverick)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Natty)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Oneiric)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://crbug.com/78327
CONFIRM: http://launchpad.net/b...
CONFIRM: http://trac.webkit.org...