CVE-2016-5223 — Integer Overflow or Wraparound in Google Chrome

CWE-190 — Integer Overflow or Wraparound7 documents5 sources

Severity

6.5MEDIUMNVD

OSV5.0

EPSS

0.5%

top 34.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Swift Google Chrome

Timeline

PublishedJan 19

Latest updateMay 14

Description

Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/chrome54.0.2840.99

▶Ubuntuopenstack/swift< 1.13.1-0ubuntu1.5

🔴Vulnerability Details

GHSA

GHSA-m3rr-mh54-jmrf: Integer overflow in PDFium in Google Chrome prior to 55↗2022-05-14

▶

OSV

swift vulnerabilities↗2017-10-11

▶

OSV

CVE-2016-5223: Integer overflow in PDFium in Google Chrome prior to 55↗2017-01-19

▶

📋Vendor Advisories

Red Hat

chromium-browser: integer overflow in pdfium↗2016-12-01

▶

💬Community

Bugzilla

chromium: various flaws [fedora-all]↗2016-12-02

▶

Bugzilla

CVE-2016-5223 chromium-browser: integer overflow in pdfium↗2016-12-02

▶