High severity8.8NVD Advisory· Published Sep 11, 2016· Updated May 6, 2026

CVE-2016-7395

Description

SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2016/dsa-3667nvd
www.securityfocus.com/bid/92717nvd
codereview.chromium.org/2006143009nvd
crbug.com/613918nvd
googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000