Описание
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 26.0.1410.56 (включая)
Одно из
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.0:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.1:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.3:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.4:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.5:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.6:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.7:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.8:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.9:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.10:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.11:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.12:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.14:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.15:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.16:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.17:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.18:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.19:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.20:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.21:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.22:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.23:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.24:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.25:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.26:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.27:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.28:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.29:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.30:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.31:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.32:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.33:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.34:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.35:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.36:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.37:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.38:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.39:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.40:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.41:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.42:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.43:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.44:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.45:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.46:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.47:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.48:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.49:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.50:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.51:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.52:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.54:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:26.0.1410.55:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00192
Низкий
7.5 High
CVSS2
Дефекты
CWE-59
Связанные уязвимости
github
больше 3 лет назад
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.
EPSS
Процентиль: 41%
0.00192
Низкий
7.5 High
CVSS2
Дефекты
CWE-59