CVE-2011-3893 - Out-of-bounds Read vulnerability in Google Chrome
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers: An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201111-05.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201111-05 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could cause a Java applet to run without user confirmation. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56901 |
published | 2011-11-22 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56901 |
title | GLSA-201111-05 : Chromium, V8: Multiple vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201111-05.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #

    include("compat.inc");

    if (description)
    {
      script_id(56901);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/11 17:09:26");

      script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895", "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898", "CVE-2011-3900");
      script_bugtraq_id(50642, 50701);
      script_xref(name:"GLSA", value:"201111-05");

      script_name(english:"GLSA-201111-05 : Chromium, V8: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(
        attribute:"synopsis",
        value:
        "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
        "The remote host is affected by the vulnerability described in GLSA-201111-05
    (Chromium, V8: Multiple vulnerabilities)
        Multiple vulnerabilities have been discovered in Chromium and V8. Please
          review the CVE identifiers and release notes referenced below for
          details.

    Impact :
        A context-dependent attacker could entice a user to open a specially
          crafted website or JavaScript program using Chromium or V8, possibly
          resulting in the execution of arbitrary code with the privileges of the
          process, or a Denial of Service condition. The attacker also could cause
          a Java applet to run without user confirmation.

    Workaround :
        There is no known workaround at this time."
      );
      # https://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0f60ac84"
      );
      # https://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f5edd29"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201111-05"
      );
      script_set_attribute(
        attribute:"solution",
        value:
        "All Chromium users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/chromium-15.0.874.121'
        All V8 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.5.10.24'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:v8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2011/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/22");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 15.0.874.121"), vulnerable:make_list("lt 15.0.874.121"))) flag++;
    if (qpkg_check(package:"dev-lang/v8", unaffected:make_list("ge 3.5.10.24"), vulnerable:make_list("lt 3.5.10.24"))) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / V8");
    }
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2471.NASL |
description | Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV files could lead to the execution of arbitrary code. These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael Coldwind, and Michael Niedermayer. |
last seen | 2020-03-17 |
modified | 2012-05-15 |
plugin id | 59094 |
published | 2012-05-15 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/59094 |
title | Debian DSA-2471-1 : ffmpeg - several vulnerabilities |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-2471. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(59094);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3895", "CVE-2011-3929", "CVE-2011-3936", "CVE-2011-3940", "CVE-2011-3947", "CVE-2012-0853", "CVE-2012-0947");
      script_xref(name:"DSA", value:"2471");

      script_name(english:"Debian DSA-2471-1 : ffmpeg - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
        "Several vulnerabilities have been discovered in FFmpeg, a multimedia
    player, server and encoder. Multiple input validations in the
    decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora,
    Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the
    execution of arbitrary code.

    These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael
    Coldwind, and Michael Niedermayer."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/ffmpeg"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2471"
      );
      script_set_attribute(
        attribute:"solution",
        value:
        "Upgrade the ffmpeg packages.

    For the stable distribution (squeeze), this problem has been fixed in
    version 4:0.5.8-1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ffmpeg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/15");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"6.0", prefix:"ffmpeg", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"ffmpeg-dbg", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"ffmpeg-doc", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavcodec-dev", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavcodec52", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavdevice-dev", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavdevice52", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavfilter-dev", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavfilter0", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavformat-dev", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavformat52", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavutil-dev", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libavutil49", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libpostproc-dev", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libpostproc51", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libswscale-dev", reference:"4:0.5.8-1")) flag++;
    if (deb_check(release:"6.0", prefix:"libswscale0", reference:"4:0.5.8-1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201310-12.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70647 |
published | 2013-10-27 |
reporter | This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/70647 |
title | GLSA-201310-12 : FFmpeg: Multiple vulnerabilities |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_6887828F022911E0B84D00262D5ED8EE.NASL |
description | Google Chrome Releases reports : Fixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51069 |
published | 2010-12-08 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/51069 |
title | FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2012-075.NASL |
description | Multiple vulnerabilities have been found and corrected in ffmpeg : The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973). Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974). Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895). An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351). An integer overflow error within the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59096 |
published | 2012-05-15 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59096 |
title | Mandriva Linux Security Advisory : ffmpeg (MDVSA-2012:075) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2012-076.NASL |
description | Multiple vulnerabilities have been found and corrected in ffmpeg : The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973). Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974). Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895). An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351). An integer overflow error within the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61951 |
published | 2012-09-06 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/61951 |
title | Mandriva Linux Security Advisory : ffmpeg (MDVSA-2012:076) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_4D087B35099011E3A9F4BCAEC565249C.NASL |
description | Bundled version of libav in gstreamer-ffmpeg contains a number of vulnerabilities. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69412 |
published | 2013-08-21 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/69412 |
title | FreeBSD : gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav (4d087b35-0990-11e3-a9f4-bcaec565249c) |

NASL family | Windows |
NASL id | GOOGLE_CHROME_15_0_874_120.NASL |
description | The version of Google Chrome installed on the remote host is earlier than 15.0.874.120. It is, therefore, potentially affected by the following vulnerabilities : - A double-free error exists in the Theora decoder. (CVE-2011-3892) - Out-of-bounds read errors exist in the MKV and Vorbis media handlers. (CVE-2011-3893) - A memory corruption error exists in the VP8 decoding. (CVE-2011-3894) - A heap overflow error exists in the Vorbis decoder. (CVE-2011-3895) - A buffer overflow error exists in shader variable mapping functionality. (CVE-2011-3896) - A use-after-free error exists related to unspecified editing. (CVE-2011-3897) - In JRE7, applets are allowed to run without the proper permissions. (CVE-2011-3898) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56779 |
published | 2011-11-11 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/56779 |
title | Google Chrome < 15.0.874.120 Multiple Vulnerabilities |
Oval
accepted | 2014-04-07T04:01:02.128-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
family | windows |
id | oval:org.mitre.oval:def:14267 |
status | accepted |
submitted | 2011-11-25T18:27:47.000-05:00 |
title | Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
version | 52 |
Seebug
bulletinFamily | exploit |
description | CVE ID: CVE-2011-3893. Google Chrome is an open-source web browser. Its MKV and Vorbis media handlers contain an out-of-bounds read vulnerability; an attacker can build a malicious web page and entice a user into parsing it, which can crash the application. Google Chrome 15.x. Vendor solution: Google Chrome 15.0.874.120 has fixed this vulnerability; users are advised to download and use it: http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html |
id | SSV:23211 |
last seen | 2017-11-19 |
modified | 2011-11-17 |
published | 2011-11-17 |
reporter | Root |
title | Google Chrome 15.x MKV and Vorbis Media Handling Vulnerability |
References
- http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
- http://secunia.com/advisories/49089
- http://secunia.com/advisories/46933
- http://code.google.com/p/chromium/issues/detail?id=100492
- http://code.google.com/p/chromium/issues/detail?id=100543
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14267