CVE-2017-5044 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

6.3MEDIUMNVD

OSV8.8

EPSS

1.0%

top 22.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedApr 24

Latest updateApr 30

Description

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages4 packages

▶NVDgoogle/chrome57.0.2987.75+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-jpfh-48x5-93p3: Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57↗2022-04-30

▶

OSV

oxide-qt vulnerabilities↗2017-03-29

▶

OSV

CVE-2017-5044: Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57↗2017-03-10

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2017-03-29

▶

Red Hat

chromium-browser: heap overflow in skia↗2017-03-09

▶

💬Community

Bugzilla

chromium: various flaws [fedora-all]↗2017-03-10

▶

Bugzilla

CVE-2017-5044 chromium-browser: heap overflow in skia↗2017-03-10

▶