Vulnerabilities > CVE-2012-5145 - Use After Free vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.

Vulnerable Configurations

Part         Description   Count
OS           Opensuse      2
Application  Google        2650

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Windows
    NASL id: GOOGLE_CHROME_24_0_1312_52.NASL
    description: The version of Google Chrome installed on the remote host is earlier than 24.0.1312.52 and is, therefore, affected by the following vulnerabilities :
      - Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150, CVE-2012-5156, CVE-2013-0832)
      - An error related to malformed URLs can allow a Same Origin Policy (SOP) bypass, thereby allowing cross-site scripting attacks. (CVE-2012-5146)
      - A user-input validation error exists related to filenames and hyphenation support. (CVE-2012-5148)
      - Integer overflow errors exist related to audio IPC handling, PDF JavaScript and shared memory allocation. (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)
      - Out-of-bounds read errors exist related to video seeking, PDF image handling, printing and glyph handling. (CVE-2012-5152, CVE-2012-5157, CVE-2012-0833, CVE-2012-0834)
      - An out-of-bounds stack access error exists in the v8 JavaScript engine. (CVE-2012-5153)
      - A casting error exists related to PDF
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63468
    published: 2013-01-10
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63468
    title: Google Chrome < 24.0.1312.52 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63468);
      script_version("1.19");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-5145",
        "CVE-2012-5146",
        "CVE-2012-5147",
        "CVE-2012-5148",
        "CVE-2012-5149",
        "CVE-2012-5150",
        "CVE-2012-5151",
        "CVE-2012-5152",
        "CVE-2012-5153",
        "CVE-2012-5154",
        "CVE-2012-5156",
        "CVE-2012-5157",
        "CVE-2013-0630",
        "CVE-2013-0828",
        "CVE-2013-0829",
        "CVE-2013-0830",
        "CVE-2013-0831",
        "CVE-2013-0832",
        "CVE-2013-0833",
        "CVE-2013-0834",
        "CVE-2013-0835",
        "CVE-2013-0836",
        "CVE-2013-0837"
      );
      script_bugtraq_id(
        57184,
        59413,
        59414,
        59415,
        59416,
        59417,
        59418,
        59419,
        59420,
        59422,
        59423,
        59424,
        59425,
        59426,
        59427,
        59428,
        59429,
        59430,
        59431,
        59435,
        59436,
        59437,
        59438
      );
    
      script_name(english:"Google Chrome < 24.0.1312.52 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is earlier
    than 24.0.1312.52 and is, therefore, affected by the following
    vulnerabilities :
    
      - Use-after-free errors exist related to SVG layout,
        DOM handling, video seeking, PDF fields and printing.
        (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150,
        CVE-2012-5156, CVE-2013-0832)
    
      - An error related to malformed URLs can allow a Same
        Origin Policy (SOP) bypass, thereby allowing cross-site
        scripting attacks. (CVE-2012-5146)
    
      - A user-input validation error exists related to filenames
        and hyphenation support. (CVE-2012-5148)
    
      - Integer overflow errors exist related to audio IPC
        handling, PDF JavaScript and shared memory allocation.
        (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)
    
      - Out-of-bounds read errors exist related to video
        seeking, PDF image handling, printing and glyph
        handling. (CVE-2012-5152, CVE-2012-5157,
        CVE-2012-0833, CVE-2012-0834)
    
      - An out-of-bounds stack access error exists in the
        v8 JavaScript engine. (CVE-2012-5153)
    
      - A casting error exists related to PDF 'root' handling.
        (CVE-2013-0828)
    
      - An unspecified error exists that can corrupt database
        metadata leading to incorrect file access.
        (CVE-2013-0829)
    
      - An error exists related to IPC and 'NUL' termination.
        (CVE-2013-0830)
    
      - An error exists related to extensions that may allow
        improper path traversals. (CVE-2013-0831)
    
      - An unspecified error exists related to geolocation.
        (CVE-2013-0835)
    
      - An unspecified error exists related to garbage
        collection in the v8 JavaScript engine. (CVE-2013-0836)
    
      - An unspecified error exists related to extension tab
        handling. (CVE-2013-0837)
    
      - The bundled version of Adobe Flash Player contains
        flaws that can lead to arbitrary code execution.
        (CVE-2013-0630)
    
    Successful exploitation of some of these issues could lead to an
    application crash or even allow arbitrary code execution, subject to the
    user's privileges.");
      # https://chromereleases.googleblog.com/2013/01/stable-channel-update.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d71ffa01");
      script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb13-01.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 24.0.1312.52 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0630");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'24.0.1312.52', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-72.NASL
    description:
      - Update to 26.0.1383
      - Security fixes (bnc#798326)
      - CVE-2012-5145: Use-after-free in SVG layout
      - CVE-2012-5146: Same origin policy bypass with malformed URL
      - CVE-2012-5147: Use-after-free in DOM handling
      - CVE-2012-5148: Missing filename sanitization in hyphenation support
      - CVE-2012-5149: Integer overflow in audio IPC handling
      - CVE-2012-5150: Use-after-free when seeking video
      - CVE-2012-5152: Out-of-bounds read when seeking video
      - CVE-2012-5153: Out-of-bounds stack access in v8.
      - CVE-2012-5154: Integer overflow in shared memory allocation
      - CVE-2013-0830: Missing NUL termination in IPC.
      - CVE-2013-0831: Possible path traversal from extension process
      - CVE-2013-0832: Use-after-free with printing.
      - CVE-2013-0833: Out-of-bounds read with printing.
      - CVE-2013-0834: Out-of-bounds read with glyph handling
      - CVE-2013-0835: Browser crash with geolocation
      - CVE-2013-0836: Crash in v8 garbage collection.
      - CVE-2013-0837: Crash in extension tab handling.
      - CVE-2013-0838: Tighten permissions on shared memory segments
      - Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for openSUSE Chromium builds ONLY!! (Setup was done based on indication from Pawel Hajdan)
      - Change the default setting for password-store to basic. (bnc#795860)
      - Fixes from Update to 25.0.1352
      - Fixed garbled header and footer text in print preview.
      - Fixed broken profile with system-wide installation and
      - Fixed stability crashes like 158747, 159437, 149139, 160914,
      - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser.
      - (gtk) Fixed <input> selection renders white text on white
      - Fixed translate infobar button to show selected language.
      - Update to 25.0.1329
      - No further indications in the ChangeLog
      - Update to 25.0.1319
      - No further indications in the Changelog
      - Update to 24.0.1308
      - Updated V8 - 3.14.5.0
      - Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix.
      - Fixed chromium issues 155871, 154173, 155133.
      - No further indications in the ChangeLog.
      - Update to 24.0.1283
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75155
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75155
    title: openSUSE Security Update : chromium (openSUSE-SU-2013:0236-1)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_46BD747B5B8411E2B06D00262D5ED8EE.NASL
    description: Google Chrome Releases reports :
      [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.
      [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.
      [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to Jose A. Vazquez.
      [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).
      [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).
      [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).
      [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).
      [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.
      [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).
      [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Juri Aedla).
      [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).
      [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).
      [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).
      [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).
      [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
      [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).
      [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
      [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63469
    published: 2013-01-11
    reporter: This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63469
    title: FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201309-16.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
      Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.
      Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70112
    published: 2013-09-25
    reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70112
    title: GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities

Oval

accepted: 2013-08-12T04:08:17.569-04:00
class: vulnerability
contributors:
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Jonathan Baker
    organization: The MITRE Corporation
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
definition_extensions:
  comment: Google Chrome is installed
  oval: oval:org.mitre.oval:def:11914
description: Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
family: windows
id: oval:org.mitre.oval:def:16207
status: accepted
submitted: 2013-01-16T09:35:49.141-05:00
title: Use-after-free vulnerability in Google Chrome before 24.0.1312.52 via vectors related to SVG layout
version: 44