CVE-2015-6758Incorrect Type Conversion or Cast in Google Chrome

CWE-17CWE-704Incorrect Type Conversion or Cast5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
1.0%
top 23.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedOct 15
Latest updateMay 17

Description

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome45.0.2454.101

🔴Vulnerability Details

2
GHSA
GHSA-4qw4-mgvm-hr9r: The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document2022-05-17
OSV
CVE-2015-6758: The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document2015-10-15

📋Vendor Advisories

1
Red Hat
chromium-browser: Bad-cast in PDFium2015-10-13

💬Community

1
Bugzilla
CVE-2015-6758 chromium-browser: Bad-cast in PDFium2015-10-14