Search for vulnerabilities
Vulnerability details: VCID-2s7p-xyav-aaae
Vulnerability ID VCID-2s7p-xyav-aaae
Aliases CVE-2015-1220
Summary Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
generic_textual Medium http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1220.html
rhas Important https://access.redhat.com/errata/RHSA-2015:0627
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00517 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.00661 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01241 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.01765 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.02975 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.02975 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.03072 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.04062 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
epss 0.04062 https://api.first.org/data/v1/epss?cve=CVE-2015-1220
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1198527
generic_textual Medium https://code.google.com/p/chromium/issues/detail?id=437651
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1220
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2015-1220
generic_textual Medium https://src.chromium.org/viewvc/blink?revision=188423&view=revision
generic_textual Medium https://ubuntu.com/security/notices/USN-2521-1
Reference id Reference type URL
http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1220.html
http://rhn.redhat.com/errata/RHSA-2015-0627.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1220.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1220
https://code.google.com/p/chromium/issues/detail?id=437651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1220
https://security.gentoo.org/glsa/201503-12
https://src.chromium.org/viewvc/blink?revision=188423&view=revision
https://ubuntu.com/security/notices/USN-2521-1
http://www.securityfocus.com/bid/72901
http://www.ubuntu.com/usn/USN-2521-1
1198527 https://bugzilla.redhat.com/show_bug.cgi?id=1198527
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
CVE-2015-1220 https://nvd.nist.gov/vuln/detail/CVE-2015-1220
RHSA-2015:0627 https://access.redhat.com/errata/RHSA-2015:0627
USN-2521-1 https://usn.ubuntu.com/2521-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-1220
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.64052
EPSS Score 0.00517
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.