CVE-2012-5127 - Numeric Errors vulnerability in Google Chrome
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Windows
- NASL id: GOOGLE_CHROME_23_0_1271_64.NASL
- description: The version of Google Chrome installed on the remote host is earlier than 23.0.1271.64 and is, therefore, affected by the following vulnerabilities :
  - Use-after-free errors exist related to SVG filter handling, video layout, extension tab handling and plug-in placeholder handling. (CVE-2012-5116, CVE-2012-5121, CVE-2012-5125, CVE-2012-5126)
  - An error exists related to inappropriate SVG subresource loading in the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 62861
- published: 2012-11-08
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/62861
- title: Google Chrome < 23.0.1271.64 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62861);
  script_version("1.9");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-5116",
    "CVE-2012-5117",
    "CVE-2012-5119",
    "CVE-2012-5121",
    "CVE-2012-5122",
    "CVE-2012-5123",
    "CVE-2012-5124",
    "CVE-2012-5125",
    "CVE-2012-5126",
    "CVE-2012-5127",
    "CVE-2012-5128"
  );
  script_bugtraq_id(56413);

  script_name(english:"Google Chrome < 23.0.1271.64 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 23.0.1271.64 and is, therefore, affected by the following
vulnerabilities :

  - Use-after-free errors exist related to SVG filter
    handling, video layout, extension tab handling and
    plug-in placeholder handling. (CVE-2012-5116,
    CVE-2012-5121, CVE-2012-5125, CVE-2012-5126)

  - An error exists related to inappropriate SVG
    subresource loading in the 'img' context.
    (CVE-2012-5117)

  - A race condition exists related to 'Pepper' buffer
    handling. (CVE-2012-5119)

  - A bad cast error exists related to input handling.
    (CVE-2012-5122)

  - Out-of-bounds reads exist related to Skia.
    (CVE-2012-5123)

  - A memory corruption error exists related to texture
    handling. (CVE-2012-5124)

  - An integer overflow error exists related to 'WebP'
    handling. This error can lead to out-of-bounds reads.
    (CVE-2012-5127)

  - An improper write error exists related to the 'v8'
    JavaScript engine. (CVE-2012-5128)

Successful exploitation of any of these issues could lead to an
application crash or even allow arbitrary code execution, subject to
the user's privileges.");
  # https://chromereleases.googleblog.com/2012/11/stable-channel-release-and-beta-channel.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a3dbf13e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 23.0.1271.64 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5128");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'23.0.1271.64', severity:SECURITY_HOLE);
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-1473.NASL
- description: Security libwebp release, where an integer overflow allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-02-04
- plugin id: 64448
- published: 2013-02-04
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/64448
- title: Fedora 17 : OpenImageIO-1.0.11-2.fc17 / gdal-1.9.1-14.fc17.1 / leptonica-1.69-5.fc17 / etc (2013-1473)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-1473.
#

include("compat.inc");

if (description)
{
  script_id(64448);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-5127");
  script_bugtraq_id(56413);
  script_xref(name:"FEDORA", value:"2013-1473");

  script_name(english:"Fedora 17 : OpenImageIO-1.0.11-2.fc17 / gdal-1.9.1-14.fc17.1 / leptonica-1.69-5.fc17 / etc (2013-1473)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security libwebp release, where an integer overflow allows remote
attackers to cause a denial of service (out-of-bounds read) or
possibly have unspecified other impact via a crafted WebP image.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=875071"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098246.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?84c0bfb7"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098247.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1a9ffb2c"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098248.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fae6934a"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098249.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fc7a9da6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:OpenImageIO");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:leptonica");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libwebp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"OpenImageIO-1.0.11-2.fc17")) flag++;
if (rpm_check(release:"FC17", reference:"gdal-1.9.1-14.fc17.1")) flag++;
if (rpm_check(release:"FC17", reference:"leptonica-1.69-5.fc17")) flag++;
if (rpm_check(release:"FC17", reference:"libwebp-0.2.1-1.fc17")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenImageIO / gdal / leptonica / libwebp");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-1490.NASL
- description: Security libwebp release, where an integer overflow allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-02-04
- plugin id: 64449
- published: 2013-02-04
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/64449
- title: Fedora 18 : OpenImageIO-1.0.11-2.fc18 / gdal-1.9.1-14.fc18.1 / leptonica-1.69-5.fc18 / etc (2013-1490)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-1490.
#

include("compat.inc");

if (description)
{
  script_id(64449);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-5127");
  script_bugtraq_id(56413);
  script_xref(name:"FEDORA", value:"2013-1490");

  script_name(english:"Fedora 18 : OpenImageIO-1.0.11-2.fc18 / gdal-1.9.1-14.fc18.1 / leptonica-1.69-5.fc18 / etc (2013-1490)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security libwebp release, where an integer overflow allows remote
attackers to cause a denial of service (out-of-bounds read) or
possibly have unspecified other impact via a crafted WebP image.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=875071"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098230.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?21d11032"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098231.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5eee8d15"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098232.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?736babc6"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098233.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f8da28e7"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:OpenImageIO");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gdal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:leptonica");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libwebp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC18", reference:"OpenImageIO-1.0.11-2.fc18")) flag++;
if (rpm_check(release:"FC18", reference:"gdal-1.9.1-14.fc18.1")) flag++;
if (rpm_check(release:"FC18", reference:"leptonica-1.69-5.fc18")) flag++;
if (rpm_check(release:"FC18", reference:"libwebp-0.2.1-1.fc18")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenImageIO / gdal / leptonica / libwebp");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2013-1494.NASL
- description: Security libwebp release, where an integer overflow allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2013-02-04
- plugin id: 64450
- published: 2013-02-04
- reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/64450
- title: Fedora 16 : OpenImageIO-1.0.11-2.fc16 / gdal-1.7.3-15.fc16 / libwebp-0.2.1-1.fc16 (2013-1494)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201309-16.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 70112
- published: 2013-09-25
- reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/70112
- title: GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_209C068D28BE11E2916000262D5ED8EE.NASL
- description: Google Chrome Releases reports :
  - [157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.
  - [Linux 64-bit only] [150729] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG.
  - [143761] High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.
  - [Mac OS only] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.
  - [154055] High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.
  - [145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Grobert of the Google Security Team.
  - [149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.
  - [154465] Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).
  - [154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).
  - [155323] High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.
  - [156051] Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.
  - [156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).
  - [157124] High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 62856
- published: 2012-11-08
- reporter: This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/62856
- title: FreeBSD : chromium -- multiple vulnerabilities (209c068d-28be-11e2-9160-00262d5ed8ee)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201312-08.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201312-08 (WebP: User-assisted execution of arbitrary code) An integer overflow flaw has been found in WebP. Impact : A remote attacker could entice a user to open a specially crafted image in an application linked against WebP, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 71286
- published: 2013-12-10
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/71286
- title: GLSA-201312-08 : WebP: User-assisted execution of arbitrary code

Oval
accepted | 2013-08-12T04:08:11.045-04:00
class | vulnerability
contributors |
definition_extensions |
description | Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
family | windows
id | oval:org.mitre.oval:def:15943
status | accepted
submitted | 2012-11-07T10:16:29.050-05:00
title | Integer overflow in Google Chrome before 23.0.1271.64 via a crafted WebP image
version | 42
References
- https://code.google.com/p/chromium/issues/detail?id=157079
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15943
- http://www.securityfocus.com/bid/56413
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79862
- http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
- http://osvdb.org/87079