Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 18.0.1025.142 (excluding) | |
Red Hat Enterprise Linux 5 | RedHat | firefox-0:10.0.4-1.el5_8 | * |
Red Hat Enterprise Linux 5 | RedHat | xulrunner-0:10.0.4-1.el5_8 | * |
Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:10.0.4-1.el5_8 | * |
Red Hat Enterprise Linux 6 | RedHat | firefox-0:10.0.4-1.el6_2 | * |
Red Hat Enterprise Linux 6 | RedHat | xulrunner-0:10.0.4-1.el6_2 | * |
Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:10.0.4-1.el6_2 | * |
Chromium-browser | Ubuntu | lucid | * |
Chromium-browser | Ubuntu | maverick | * |
Chromium-browser | Ubuntu | natty | * |
Chromium-browser | Ubuntu | oneiric | * |
Chromium-browser | Ubuntu | upstream | * |