Unrated severityNVD Advisory· Published May 7, 2009· Updated Apr 23, 2026
CVE-2009-1441
CVE-2009-1441
Description
Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.
Affected products
17cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=1.0.154.53
- cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- code.google.com/p/chromium/issues/detailnvdExploit
- googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.htmlnvdVendor Advisory
- secunia.com/advisories/35014nvdVendor Advisory
- www.vupen.com/english/advisories/2009/1266nvdVendor Advisory
- osvdb.org/54288nvd
- www.securityfocus.com/bid/34859nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/50362nvd
News mentions
0No linked articles in our index yet.