Use After Free Vulnerability in PDFium in Google Chrome
CVE-2017-5126

8.8HIGH

Key Information:

Vendor

Google
Status
Google Chrome Prior To 62.0.3202.62
Vendor
CVE Published:
7 February 2018

What is CVE-2017-5126?

A use after free vulnerability exists in the PDFium component of Google Chrome prior to version 62.0.3202.62. This flaw could allow an attacker to manipulate memory allocation and potentially lead to heap corruption when a specially crafted PDF file is opened. Exploiting this vulnerability may enable malicious actors to execute arbitrary code within the context of the affected application, posing serious threats to users' data integrity and system security.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

http://www.securityfocus.com/bid/101482
vdb-entryx_refsource_BID
https://crbug.com/760455
x_refsource_MISC
https://chromereleases.googleblog.com/2017/10/stable-chan...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.