Stack Overflow Vulnerability in Google Chrome's PDFium Component
CVE-2017-5095

8.8HIGH

Key Information:

Vendor

Google
Status
Google Chrome Prior To 60.0.3112.78 For Linux, Windows And Mac
Vendor
CVE Published:
27 October 2017

What is CVE-2017-5095?

A stack overflow vulnerability exists in the PDFium component of Google Chrome that can be exploited through specially crafted PDF files. When an affected version of the browser processes a malicious PDF, it may lead to stack corruption, potentially allowing remote attackers to execute arbitrary code. Users are urged to update their browsers to the latest version to mitigate this risk and protect their systems.

Affected Version(s)

Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac

References

https://security.gentoo.org/glsa/201709-15
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3926
vendor-advisoryx_refsource_DEBIAN
https://chromereleases.googleblog.com/2017/07/stable-chan...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.