CVE-2024-7018Heap-based Buffer Overflow in Google Chrome

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 31.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedSep 23
Latest updateSep 24

Description

Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chrome124.0.6367.78124.0.6367.78
NVDgoogle/chrome< 124.0.6367.78
Debianchromium/chromium< 124.0.6367.78-1~deb12u1+2

🔴Vulnerability Details

3
GHSA
GHSA-53c9-m2h7-5xhr: Heap buffer overflow in PDF in Google Chrome prior to 1242024-09-24
OSV
CVE-2024-7018: Heap buffer overflow in PDF in Google Chrome prior to 1242024-09-23
CVEList
CVE-2024-7018: Heap buffer overflow in PDF in Google Chrome prior to 1242024-09-23

📋Vendor Advisories

1
Debian
CVE-2024-7018: chromium - Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a re...2024
CVE-2024-7018 — Heap-based Buffer Overflow in Google | cvebase