CVE-2009-1442

Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.

Published: May 7, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-1442
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
google / chrome	0.3.154.3	0.3.154.3.x
google / chrome	0.2.149.30	0.2.149.30.x
google / chrome	0.4.154.31	0.4.154.31.x
google / chrome	1.0.154.39	1.0.154.39.x
google / chrome	1.0.154.59	1.0.154.59.x
google / chrome	0.4.154.33	0.4.154.33.x
google / chrome	1.0.154.43	1.0.154.43.x
google / chrome	1.0.154.42	1.0.154.42.x
google / chrome	2.0.157.2	2.0.157.2.x
google / chrome	0.4.154.18	0.4.154.18.x
google / chrome	0.2.149.29	0.2.149.29.x
google / chrome	2.0.157.0	2.0.157.0.x
google / chrome	0.2.152.1	0.2.152.1.x
google / chrome	0.3.154.0	0.3.154.0.x
google / chrome	0.2.153.1	0.2.153.1.x
google / chrome	1.0.154.36	1.0.154.36.x
google / chrome	2.0.156.1	2.0.156.1.x
google / chrome	1.0.154.46	1.0.154.46.x
google / chrome	0.4.154.22	0.4.154.22.x
google / chrome	-	1.0.154.53.x
google / chrome	2.0.159.0	2.0.159.0.x
google / chrome	2.0.158.0	2.0.158.0.x

Vulnerability Database

309,961

CVE-2009-1442

Deep Security Visibility Without the Complexity