Use After Free Vulnerability in PDFium for Google Chrome
CVE-2016-5203

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 55.0.2883.75 For Mac, Windows And Linux, And 55.0.2883.84 For Android
Vendor
CVE Published:
19 January 2017

Summary

A use after free vulnerability in the PDFium component of Google Chrome can be exploited by attackers through a specially crafted PDF file. This flaw, present in versions prior to 55.0.2883.75 for Mac, Windows, and Linux, and prior to 55.0.2883.84 for Android, can lead to heap corruption, potentially allowing a remote attacker to execute arbitrary code. Users are advised to update their browsers to mitigate these risks.

Affected Version(s)

Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android

References

http://rhn.redhat.com/errata/RHSA-2016-2919.html
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/94633
vdb-entryx_refsource_BID
https://crbug.com/644219
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.