漏洞描述
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Google sfntly是其中的一个用于使用、编辑和创建基于SFNT字体的字体工具包。 Google Chrome 52.0.2743.82之前版本使用的Google sfntly 2016-06-10之前的版本中的data/byte_array.cc文件中的‘ByteArray::Get’方法存在基于堆的缓冲区溢出漏洞。远程攻击者可借助特制的SFNT字体利用该漏洞造成拒绝服务。
Google Chrome ‘ByteArray::Get’方法基于堆的缓冲区溢出漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-11307: WP Google Maps < 9.0.48 - Cross-Site Scripting
- POC wp-easy-google-fonts-log-disclosure: WordPress Easy Google Fonts - Error Log Disclosure
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- Chrome 远程调试 /json/version 未授权访问漏洞
- POC CVE-2015-2755: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
- POC CVE-2017-18556: Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting
- POC CVE-2017-18557: Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting
- POC CVE-2018-3810: Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
- POC CVE-2019-10692: WordPress Google Maps <7.11.18 - SQL Injection
- POC CVE-2019-9912: WP Google Maps < 7.10.43 - Cross-Site Scripting
- POC CVE-2022-0346: WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution
- POC CVE-2023-32117: Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
- POC CVE-2023-6697: WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting