Vulnerabilities > CVE-2012-5127 - Numeric Errors vulnerability in Google Chrome

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
google
CWE-189
nessus
NVD
Published: 2012-11-07
Updated: 2023-11-07

Summary

Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

Vulnerable Configurations

Part Description Count
Application
Google
2517

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idGOOGLE_CHROME_23_0_1271_64.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 23.0.1271.64 and is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to SVG filter handling, video layout, extension tab handling and plug-in placeholder handling. (CVE-2012-5116, CVE-2012-5121, CVE-2012-5125, CVE-2012-5126) - An error exists related to inappropriate SVG subresource loading in the
    last seen2020-06-01
    modified2020-06-02
    plugin id62861
    published2012-11-08
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62861
    titleGoogle Chrome < 23.0.1271.64 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62861);
  script_version("1.9");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-5116",
    "CVE-2012-5117",
    "CVE-2012-5119",
    "CVE-2012-5121",
    "CVE-2012-5122",
    "CVE-2012-5123",
    "CVE-2012-5124",
    "CVE-2012-5125",
    "CVE-2012-5126",
    "CVE-2012-5127",
    "CVE-2012-5128"
  );
  script_bugtraq_id(56413);

  script_name(english:"Google Chrome < 23.0.1271.64 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 23.0.1271.64 and is, therefore, affected by the following
vulnerabilities :

  - Use-after-free errors exist related to SVG filter
    handling, video layout, extension tab handling and
    plug-in placeholder handling. (CVE-2012-5116,
    CVE-2012-5121, CVE-2012-5125, CVE-2012-5126)

  - An error exists related to inappropriate SVG
    subresource loading in the 'img' context.
    (CVE-2012-5117)

  - A race condition exists related to 'Pepper' buffer
    handling. (CVE-2012-5119)

  - A bad cast error exists related to input handling.
    (CVE-2012-5122)

  - Out-of-bounds reads exist related to Skia.
    (CVE-2012-5123)

  - A memory corruption error exists related to texture
    handling. (CVE-2012-5124)

  - An integer overflow error exists related to 'WebP'
    handling. This error can lead to out-of-bounds reads.
    (CVE-2012-5127)

  - An improper write error exists related to the 'v8'
    JavaScript engine. (CVE-2012-5128)

Successful exploitation of any of these issues could lead to an
application crash or even allow arbitrary code execution, subject to the
user's privileges.");
  # https://chromereleases.googleblog.com/2012/11/stable-channel-release-and-beta-channel.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a3dbf13e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 23.0.1271.64 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5128");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'23.0.1271.64', severity:SECURITY_HOLE);
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-1473.NASL
    descriptionSecurity libwebp release, where an integer overflow allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-02-04
    plugin id64448
    published2013-02-04
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64448
    titleFedora 17 : OpenImageIO-1.0.11-2.fc17 / gdal-1.9.1-14.fc17.1 / leptonica-1.69-5.fc17 / etc (2013-1473)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-1473.
#

include("compat.inc");

if (description)
{
  script_id(64448);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-5127");
  script_bugtraq_id(56413);
  script_xref(name:"FEDORA", value:"2013-1473");

  script_name(english:"Fedora 17 : OpenImageIO-1.0.11-2.fc17 / gdal-1.9.1-14.fc17.1 / leptonica-1.69-5.fc17 / etc (2013-1473)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security libwebp release, where an integer overflow allows remote
attackers to cause a denial of service (out-of-bounds read) or
possibly have unspecified other impact via a crafted WebP image.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=875071"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098246.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?84c0bfb7"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098247.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1a9ffb2c"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098248.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fae6934a"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098249.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fc7a9da6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:OpenImageIO");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:leptonica");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libwebp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"OpenImageIO-1.0.11-2.fc17")) flag++;
if (rpm_check(release:"FC17", reference:"gdal-1.9.1-14.fc17.1")) flag++;
if (rpm_check(release:"FC17", reference:"leptonica-1.69-5.fc17")) flag++;
if (rpm_check(release:"FC17", reference:"libwebp-0.2.1-1.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenImageIO / gdal / leptonica / libwebp");
}
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-1490.NASL
    descriptionSecurity libwebp release, where an integer overflow allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-02-04
    plugin id64449
    published2013-02-04
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64449
    titleFedora 18 : OpenImageIO-1.0.11-2.fc18 / gdal-1.9.1-14.fc18.1 / leptonica-1.69-5.fc18 / etc (2013-1490)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-1490.
#

include("compat.inc");

if (description)
{
  script_id(64449);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-5127");
  script_bugtraq_id(56413);
  script_xref(name:"FEDORA", value:"2013-1490");

  script_name(english:"Fedora 18 : OpenImageIO-1.0.11-2.fc18 / gdal-1.9.1-14.fc18.1 / leptonica-1.69-5.fc18 / etc (2013-1490)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security libwebp release, where an integer overflow allows remote
attackers to cause a denial of service (out-of-bounds read) or
possibly have unspecified other impact via a crafted WebP image.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=875071"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098230.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?21d11032"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098231.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5eee8d15"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098232.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?736babc6"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098233.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f8da28e7"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:OpenImageIO");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:leptonica");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libwebp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC18", reference:"OpenImageIO-1.0.11-2.fc18")) flag++;
if (rpm_check(release:"FC18", reference:"gdal-1.9.1-14.fc18.1")) flag++;
if (rpm_check(release:"FC18", reference:"leptonica-1.69-5.fc18")) flag++;
if (rpm_check(release:"FC18", reference:"libwebp-0.2.1-1.fc18")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenImageIO / gdal / leptonica / libwebp");
}
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-1494.NASL
    descriptionSecurity libwebp release, where an integer overflow allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-02-04
    plugin id64450
    published2013-02-04
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64450
    titleFedora 16 : OpenImageIO-1.0.11-2.fc16 / gdal-1.7.3-15.fc16 / libwebp-0.2.1-1.fc16 (2013-1494)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70112
    published2013-09-25
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70112
    titleGLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_209C068D28BE11E2916000262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. [Linux 64-bit only] [150729] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. [143761] High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz. [Mac OS only] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz. [154055] High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG. [145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Grobert of the Google Security Team. [149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team. [154465] Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno). [154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno). [155323] High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community. [156051] Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community. [156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno). [157124] High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).
    last seen2020-06-01
    modified2020-06-02
    plugin id62856
    published2012-11-08
    reporterThis script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62856
    titleFreeBSD : chromium -- multiple vulnerabilities (209c068d-28be-11e2-9160-00262d5ed8ee)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201312-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201312-08 (WebP: User-assisted execution of arbitrary code) An integer overflow flaw has been found in WebP. Impact : A remote attacker could entice a user to open a specially crafted image in an application linked against WebP, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71286
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71286
    titleGLSA-201312-08 : WebP: User-assisted execution of arbitrary code

Oval

accepted2013-08-12T04:08:11.045-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionInteger overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
familywindows
idoval:org.mitre.oval:def:15943
statusaccepted
submitted2012-11-07T10:16:29.050-05:00
titleInteger overflow in Google Chrome before 23.0.1271.64 via a crafted WebP image
version42

References