CVE-2009-1441

Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.

Published: May 7, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1441
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
google / chrome	0.3.154.3	0.3.154.3.x
google / chrome	0.2.149.30	0.2.149.30.x
google / chrome	0.4.154.31	0.4.154.31.x
google / chrome	1.0.154.39	1.0.154.39.x
google / chrome	1.0.154.59	1.0.154.59.x
google / chrome	0.4.154.33	0.4.154.33.x
google / chrome	1.0.154.43	1.0.154.43.x
google / chrome	1.0.154.42	1.0.154.42.x
google / chrome	0.4.154.18	0.4.154.18.x
google / chrome	0.2.149.29	0.2.149.29.x
google / chrome	0.2.152.1	0.2.152.1.x
google / chrome	0.3.154.0	0.3.154.0.x
google / chrome	0.2.153.1	0.2.153.1.x
google / chrome	1.0.154.36	1.0.154.36.x
google / chrome	1.0.154.46	1.0.154.46.x
google / chrome	0.4.154.22	0.4.154.22.x
google / chrome	-	1.0.154.53.x

Vulnerability Database

289,599

CVE-2009-1441