CVE-2016-5151 — Use After Free in Google Chrome

CWE-416 — Use After Free6 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.0%

top 22.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Opensuse Leap

Timeline

PublishedSep 11

Latest updateMay 14

Description

PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDgoogle/chrome52.0.2743.116

▶NVDopensuse/leap42.1

🔴Vulnerability Details

GHSA

GHSA-rw92-3289-rqpg: PDFium in Google Chrome before 53↗2022-05-14

▶

OSV

CVE-2016-5151: PDFium in Google Chrome before 53↗2016-09-11

▶

📋Vendor Advisories

Red Hat

chromium-browser: use after free in pdfium↗2016-08-31

▶

💬Community

Bugzilla

CVE-2016-5151 chromium-browser: use after free in pdfium↗2016-09-01

▶

Bugzilla

chromium: various flaws [fedora-all]↗2016-09-01

▶