← Back

CVE-2023-44216

nvd nist
Published: Sep 27, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 3.6
Source: NVD

Description

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

Affected (17)

Show all products
Canonical: Ubuntu Linux · Amd: Ryzen 7 4800u, Ryzen 5 7600x · Intel: Core I7 10510u, Core I7 12700k, Core I7 8700, Core I7 10610u, Core I7 11800h · Microsoft: Windows 11, Windows 10 · Nvidia: Geforce Rtx 3060, Geforce Rtx 2080 Super · Apple: Macos, M1 Mac Mini · Google: Android, Pixel 6
Canonical
1 product
Ubuntu Linux
Amd
2 products
Ryzen 7 4800u
Ryzen 5 7600x
Intel
5 products
Core I7 10510u
Core I7 12700k
Core I7 8700
Core I7 10610u
Core I7 11800h
Microsoft
2 products
Windows 11
Windows 10
Nvidia
2 products
Geforce Rtx 3060
Geforce Rtx 2080 Super
Apple
2 products
Macos
M1 Mac Mini
Google
2 products
Android
Pixel 6
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 22.04
Ryzen 7 4800u
All versions
Core I7 10510u
All versions
Core I7 12700k
All versions
Core I7 8700
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Windows 11
All versions
Core I7 10610u
All versions
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Windows 11
All versions
Core I7 11800h
All versions
Geforce Rtx 3060
All versions
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Windows 10
All versions
Ryzen 5 7600x
All versions
Geforce Rtx 2080 Super
All versions
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
Macos
Version 13.1
M1 Mac Mini
All versions
Configuration F
2 vulnerable
Vulnerable SoftwareAffected Versions
Android
Version 13.0
Pixel 6
All versions

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (18)

Source: cve@mitre.org
Press/Media CoverageThird Party Advisory
Source: cve@mitre.org
Press/Media Coverage
Source: cve@mitre.org
Press/Media Coverage
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Issue Tracking
Source: cve@mitre.org
Press/Media Coverage
Source: cve@mitre.org
Technical Description
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media CoverageThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.