Heap Use After Free Vulnerability in PDFium Affects Google Chrome
CVE-2016-5183

8.8HIGH

Key Information:

Vendor

Google
Status
Chrome Prior To 54.0.2840.59 For Windows, Mac, And Linux; 54.0.2840.85 For Android
Vendor
CVE Published:
18 December 2016

What is CVE-2016-5183?

A heap use after free vulnerability exists in PDFium, utilized by Google Chrome versions prior to 54.0.2840.59 on Windows, Mac, and Linux, and prior to 54.0.2840.85 on Android. This flaw may allow a remote attacker to exploit heap memory corruption through specially crafted PDF files, leading to potential arbitrary code execution and serious security implications. Users are advised to update to the latest version of Google Chrome to mitigate this risk.

Affected Version(s)

Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android

References

https://codereview.chromium.org/2338893002
x_refsource_CONFIRM
https://crbug.com/645122
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93528
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.