{"id":"USN-2521-1","summary":"oxide-qt vulnerabilities","details":"Several out-of-bounds write bugs were discovered in Skia. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215)\n\nA use-after-free was discovered in the V8 bindings in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer crash,\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2015-1216)\n\nMultiple type confusion bugs were discovered in the V8 bindings in Blink.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service via\nrenderer crash, or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2015-1217, CVE-2015-1230)\n\nMultiple use-after-free bugs were discovered in the DOM implementation in\nBlink. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service\nvia renderer crash, or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2015-1218, CVE-2015-1223)\n\nAn integer overflow was discovered in Skia. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash or execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2015-1219)\n\nA use-after-free was discovered in the GIF image decoder in Blink. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2015-1220)\n\nA use-after-free was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2015-1221)\n\nMultiple use-after-free bugs were discovered in the service worker\nimplementation in Chromium. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these\nto cause a denial of service via application crash or execute arbitrary\ncode with the privileges of the user invoking the program. (CVE-2015-1222)\n\nAn out-of-bounds read was discovered in the VPX decoder implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via renderer crash. (CVE-2015-1224)\n\nIt was discovered that Blink did not initialize memory for image drawing\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to read\nuninitialized memory. (CVE-2015-1227)\n\nIt was discovered that Blink did not initialize memory for a data\nstructure in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via renderer crash, or execute arbitrary code\nwith the privileges of the sandboxed render process. (CVE-2015-1228)\n\nIt was discovered that a web proxy returning a 407 response could inject\ncookies in to the originally requested domain. If a user connected to a\nmalicious web proxy, an attacker could potentially exploit this to conduct\nsession-fixation attacks. (CVE-2015-1229)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1231)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit these to read uninitialized memory, cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2015-2238)\n","modified":"2026-02-10T04:40:53Z","published":"2015-03-10T15:28:14Z","related":["UBUNTU-CVE-2015-1213","UBUNTU-CVE-2015-1214","UBUNTU-CVE-2015-1215","UBUNTU-CVE-2015-1216","UBUNTU-CVE-2015-1217","UBUNTU-CVE-2015-1218","UBUNTU-CVE-2015-1219","UBUNTU-CVE-2015-1220","UBUNTU-CVE-2015-1221","UBUNTU-CVE-2015-1222","UBUNTU-CVE-2015-1223","UBUNTU-CVE-2015-1224","UBUNTU-CVE-2015-1227","UBUNTU-CVE-2015-1228","UBUNTU-CVE-2015-1229","UBUNTU-CVE-2015-1230","UBUNTU-CVE-2015-1231","UBUNTU-CVE-2015-2238"],"upstream":["CVE-2015-1213","CVE-2015-1214","CVE-2015-1215","CVE-2015-1216","CVE-2015-1217","CVE-2015-1218","CVE-2015-1219","CVE-2015-1220","CVE-2015-1221","CVE-2015-1222","CVE-2015-1223","CVE-2015-1224","CVE-2015-1227","CVE-2015-1228","CVE-2015-1229","CVE-2015-1230","CVE-2015-1231","CVE-2015-2238","UBUNTU-CVE-2015-1213","UBUNTU-CVE-2015-1214","UBUNTU-CVE-2015-1215","UBUNTU-CVE-2015-1216","UBUNTU-CVE-2015-1217","UBUNTU-CVE-2015-1218","UBUNTU-CVE-2015-1219","UBUNTU-CVE-2015-1220","UBUNTU-CVE-2015-1221","UBUNTU-CVE-2015-1222","UBUNTU-CVE-2015-1223","UBUNTU-CVE-2015-1224","UBUNTU-CVE-2015-1227","UBUNTU-CVE-2015-1228","UBUNTU-CVE-2015-1229","UBUNTU-CVE-2015-1230","UBUNTU-CVE-2015-1231","UBUNTU-CVE-2015-2238"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2521-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1213"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1214"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1215"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1216"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1217"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1218"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1219"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1220"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1221"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1222"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1223"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1224"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1227"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1228"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1229"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1230"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1231"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2238"}],"affected":[{"package":{"name":"oxide-qt","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/oxide-qt@1.5.5-0ubuntu0.14.04.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.5-0ubuntu0.14.04.3"}]}],"versions":["1.0.0~bzr437-0ubuntu1","1.0.0~bzr452-0ubuntu1","1.0.0~bzr475-0ubuntu1","1.0.0~bzr490-0ubuntu1","1.0.0~bzr501-0ubuntu1","1.0.0~bzr501-0ubuntu2","1.0.4-0ubuntu0.14.04.1","1.0.5-0ubuntu0.14.04.1","1.1.2-0ubuntu0.14.04.1","1.2.5-0ubuntu0.14.04.1","1.3.4-0ubuntu0.14.04.1","1.4.2-0ubuntu0.14.04.1","1.4.3-0ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.5.5-0ubuntu0.14.04.3","binary_name":"liboxideqt-qmlplugin"},{"binary_version":"1.5.5-0ubuntu0.14.04.3","binary_name":"liboxideqtcore0"},{"binary_version":"1.5.5-0ubuntu0.14.04.3","binary_name":"liboxideqtquick0"},{"binary_version":"1.5.5-0ubuntu0.14.04.3","binary_name":"oxideqmlscene"},{"binary_version":"1.5.5-0ubuntu0.14.04.3","binary_name":"oxideqt-chromedriver"},{"binary_version":"1.5.5-0ubuntu0.14.04.3","binary_name":"oxideqt-codecs"},{"binary_version":"1.5.5-0ubuntu0.14.04.3","binary_name":"oxideqt-codecs-extra"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2521-1.json","cves_map":{"cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1213"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1214"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1215"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1216"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1217"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1218"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1219"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1220"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1221"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1222"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1223"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1224"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1227"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1228"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1229"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1230"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1231"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2238"}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.3"}