Endpoint Vulnerability

Out-of-bounds read and write while rendering SVG content

Description

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to report an out-of-bounds read and an out-of-bounds write when rendering an improperly formatted SVG graphic. This could potentially allow the attacker to read uninitialized memory.

Affected Products

Thunderbird

References

CVE-2015-0827,