CVE-2017-5114 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.8%

top 25.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedOct 27

Latest updateMay 13

Description

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDgoogle/chrome< 61.0.3163.79+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-5j9f-cj24-v3h6: Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61↗2022-05-13

▶

OSV

CVE-2017-5114: Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61↗2017-10-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: memory lifecycle issue in pdfium↗2017-09-05

▶

💬Community

Bugzilla

CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 chromium: various flaws [fedora-all]↗2017-09-06

▶

Bugzilla

CVE-2017-5114 chromium-browser: memory lifecycle issue in pdfium↗2017-09-06

▶