CVE-2015-6756 — Use After Free in Google Chrome

CWE-416 — Use After Free5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 23.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedOct 15

Latest updateMay 17

Description

Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome45.0.2454.101

🔴Vulnerability Details

GHSA

GHSA-vfv2-4jmx-x9vh: Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr↗2022-05-17

▶

OSV

CVE-2015-6756: Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr↗2015-10-15

▶

📋Vendor Advisories

Red Hat

chromium-browser: use-after-free in PDFium↗2015-10-13

▶

💬Community

Bugzilla

CVE-2015-6756 chromium-browser: use-after-free in PDFium↗2015-10-14

▶