CVE Vulnerabilities

CVE-2016-1643

Published: Mar 13, 2016 | Modified: Nov 07, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
6.8 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage type confusion.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 49.0.2623.75 (including)
Red Hat Enterprise Linux 6 Supplementary RedHat chromium-browser-0:49.0.2623.87-1.el6 *
Chromium-browser Ubuntu devel *
Chromium-browser Ubuntu precise *
Chromium-browser Ubuntu trusty *
Chromium-browser Ubuntu upstream *
Chromium-browser Ubuntu wily *
Oxide-qt Ubuntu devel *
Oxide-qt Ubuntu trusty *
Oxide-qt Ubuntu upstream *
Oxide-qt Ubuntu vivid/stable-phone-overlay *
Oxide-qt Ubuntu wily *

References