CVE-2017-5119Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeDebian Linux
Timeline
PublishedOct 27
Latest updateMay 14

Description

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDgoogle/chrome< 61.0.3163.100

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
GHSA
GHSA-9v35-cqmg-5cm7: Use of an uninitialized value in Skia in Google Chrome prior to 612022-05-14
OSV
CVE-2017-5119: Use of an uninitialized value in Skia in Google Chrome prior to 612017-10-27

📋Vendor Advisories

1
Red Hat
chromium-browser: use of uninitialized value in skia2017-09-05

💬Community

2
Bugzilla
CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 chromium: various flaws [fedora-all]2017-09-06
Bugzilla
CVE-2017-5119 chromium-browser: use of uninitialized value in skia2017-09-06