CVE-2016-1613 — Use After Free in Google Chrome

CWE-416 — Use After Free5 documents5 sources

Severity

7.6HIGHNVD

EPSS

0.9%

top 24.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 25

Latest updateMay 17

Description

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

▶NVDgoogle/chrome47.0.2526.106

🔴Vulnerability Details

GHSA

GHSA-9h23-365m-44mc: Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48↗2022-05-17

▶

OSV

CVE-2016-1613: Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48↗2016-01-25

▶

📋Vendor Advisories

Red Hat

chromium-browser: use-after-free in PDFium↗2016-01-20

▶

💬Community

Bugzilla

CVE-2016-1613 chromium-browser: use-after-free in PDFium↗2016-01-22

▶