High severity8.8NVD Advisory· Published Mar 29, 2016· Updated May 6, 2026
CVE-2016-1649
CVE-2016-1649
Description
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
Affected products
6cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-0525.htmlnvd
- www.debian.org/security/2016/dsa-3531nvd
- www.securitytracker.com/id/1035423nvd
- www.ubuntu.com/usn/USN-2955-1nvd
- www.zerodayinitiative.com/advisories/ZDI-16-224nvd
- chromium-review.googlesource.com/334448nvd
- code.google.com/p/chromium/issues/detailnvd
- security.gentoo.org/glsa/201605-02nvd
News mentions
0No linked articles in our index yet.