CVE-2016-10403 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read2 documents2 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 9

Latest updateMay 14

Description

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5google/chromeunspecified — 51.0.2704.63

▶NVDgoogle/chrome< 51.0.2704.63

🔴Vulnerability Details

GHSA

GHSA-8973-9xqm-82q8: Insufficient data validation on image data in PDFium in Google Chrome prior to 51↗2022-05-14

▶