CVE-2011-3062 — Incorrect Calculation in Google Chrome

CWE-682 — Incorrect Calculation CWE-193 — Off-by-one Error CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

2.4%

top 14.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Mozilla Firefox Mozilla Seamonkey +2 more

Timeline

PublishedMar 30

Latest updateMay 13

Description

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages5 packages

▶NVDgoogle/chrome< 18.0.1025.142

▶NVDmozilla/firefox< 10.0.4+1

▶NVDmozilla/seamonkey< 2.9

▶NVDmozilla/thunderbird< 12.0

▶NVDmozilla/thunderbird_esr< 10.0.4

🔴Vulnerability Details

GHSA

GHSA-fr3j-gxg3-m435: Off-by-one error in the OpenType Sanitizer in Google Chrome before 18↗2022-05-13

▶

CVEList

CVE-2011-3062: Off-by-one error in the OpenType Sanitizer in Google Chrome before 18↗2012-03-30

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-05-04

▶

Ubuntu

ubufox update↗2012-04-27

▶

Ubuntu

Firefox vulnerabilities↗2012-04-27

▶

Red Hat

Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)↗2012-04-24

▶

💬Community

Bugzilla

CVE-2011-3062 Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)↗2012-04-22

▶