{"id":"USN-2556-1","summary":"oxide-qt vulnerabilities","details":"It was discovered that Chromium did not properly handle the interaction\nof IPC, the gamepad API and V8. If a user were tricked into opening a\nspecially crafted website, an attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user invoking the\nprogram. (CVE-2015-1233)\n\nA buffer overflow was discovered in the GPU service. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2015-1234)\n\nIt was discovered that Oxide did not correctly manage the lifetime of\nBrowserContext, resulting in a potential use-after-free in some\ncircumstances. If a user were tricked into opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. 
(CVE-2015-1317)\n","modified":"2026-02-10T04:40:53Z","published":"2015-04-07T10:47:13Z","related":["UBUNTU-CVE-2015-1233","UBUNTU-CVE-2015-1234","UBUNTU-CVE-2015-1317"],"upstream":["CVE-2015-1233","CVE-2015-1234","CVE-2015-1317","UBUNTU-CVE-2015-1233","UBUNTU-CVE-2015-1234","UBUNTU-CVE-2015-1317"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2556-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1233"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1234"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1317"},{"type":"REPORT","url":"https://launchpad.net/bugs/1431484"}],"affected":[{"package":{"name":"oxide-qt","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/oxide-qt@1.5.6-0ubuntu0.14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.6-0ubuntu0.14.04.2"}]}],"versions":["1.0.0~bzr437-0ubuntu1","1.0.0~bzr452-0ubuntu1","1.0.0~bzr475-0ubuntu1","1.0.0~bzr490-0ubuntu1","1.0.0~bzr501-0ubuntu1","1.0.0~bzr501-0ubuntu2","1.0.4-0ubuntu0.14.04.1","1.0.5-0ubuntu0.14.04.1","1.1.2-0ubuntu0.14.04.1","1.2.5-0ubuntu0.14.04.1","1.3.4-0ubuntu0.14.04.1","1.4.2-0ubuntu0.14.04.1","1.4.3-0ubuntu0.14.04.1","1.5.5-0ubuntu0.14.04.3"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"1.5.6-0ubuntu0.14.04.2","binary_name":"liboxideqt-qmlplugin"},{"binary_version":"1.5.6-0ubuntu0.14.04.2","binary_name":"liboxideqtcore0"},{"binary_version":"1.5.6-0ubuntu0.14.04.2","binary_name":"liboxideqtquick0"},{"binary_version":"1.5.6-0ubuntu0.14.04.2","binary_name":"oxideqmlscene"},{"binary_version":"1.5.6-0ubuntu0.14.04.2","binary_name":"oxideqt-chromedriver"},{"binary_version":"1.5.6-0ubuntu0.14.04.2","binary_name":"oxideqt-codecs"},{"binary_version":"1.5.6-0ubuntu0.14.04.2","binary_name":"oxideqt-codecs-extra"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1233"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1234"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-1317"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2556-1.json"}}],"schema_version":"1.7.3"}