Vulnerabilities > CVE-2017-5133 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2017-9015553E3D.NASL description An update of QtWebEngine to the security and bugfix release 5.9.3, including : - Security fixes from Chromium up to version 62.0.3202.89. Including: CVE-2017-5124, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15390, CVE-2017-15392, CVE-2017-15394, CVE-2017-15396, CVE-2017-15398. - QtWebEngineCore: [QTBUG-64032] Fix crash after resizing view to be empty. - QtWebEngine[QML]: Fix loading some favicons including qt.io last seen 2020-06-05 modified 2017-12-05 plugin id 105012 published 2017-12-05 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105012 title Fedora 25 : qt5-qtwebengine (2017-9015553e3d) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-9015553e3d. # include("compat.inc"); if (description) { script_id(105012); script_version("3.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-15386", "CVE-2017-15387", "CVE-2017-15388", "CVE-2017-15390", "CVE-2017-15392", "CVE-2017-15394", "CVE-2017-15396", "CVE-2017-15398", "CVE-2017-5124", "CVE-2017-5126", "CVE-2017-5127", "CVE-2017-5128", "CVE-2017-5129", "CVE-2017-5132", "CVE-2017-5133"); script_xref(name:"FEDORA", value:"2017-9015553e3d"); script_name(english:"Fedora 25 : qt5-qtwebengine (2017-9015553e3d)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "An update of QtWebEngine to the security and bugfix release 5.9.3, including : - Security fixes from Chromium up to version 62.0.3202.89. Including: CVE-2017-5124, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15390, CVE-2017-15392, CVE-2017-15394, CVE-2017-15396, CVE-2017-15398. - QtWebEngineCore: [QTBUG-64032] Fix crash after resizing view to be empty. - QtWebEngine[QML]: Fix loading some favicons including qt.io's - QtWebEngineWidgets: [QTBUG-62147] Fix crash on shutdown if a QWebEngineProfile was child of QApplication. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9015553e3d" ); script_set_attribute( attribute:"solution", value:"Update the affected qt5-qtwebengine package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/07"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC25", reference:"qt5-qtwebengine-5.9.3-1.fc25")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt5-qtwebengine"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201710-24.NASL description The remote host is affected by the vulnerability described in GLSA-201710-24 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass content security controls, or conduct URL spoofing. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 104067 published 2017-10-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104067 title GLSA-201710-24 : Chromium, Google Chrome: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201710-24. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(104067); script_version("3.6"); script_cvs_date("Date: 2019/04/10 16:10:17"); script_cve_id("CVE-2017-15386", "CVE-2017-15387", "CVE-2017-15388", "CVE-2017-15389", "CVE-2017-15390", "CVE-2017-15391", "CVE-2017-15392", "CVE-2017-15393", "CVE-2017-15394", "CVE-2017-15395", "CVE-2017-5124", "CVE-2017-5125", "CVE-2017-5126", "CVE-2017-5127", "CVE-2017-5128", "CVE-2017-5129", "CVE-2017-5130", "CVE-2017-5131", "CVE-2017-5132", "CVE-2017-5133"); script_xref(name:"GLSA", value:"201710-24"); script_name(english:"GLSA-201710-24 : Chromium, Google Chrome: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201710-24 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass content security controls, or conduct URL spoofing. Workaround : There is no known workaround at this time." ); # https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?441fea3d" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201710-24" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-62.0.3202.62' All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/google-chrome-62.0.3202.62'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 62.0.3202.62"), vulnerable:make_list("lt 62.0.3202.62"))) flag++; if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 62.0.3202.62"), vulnerable:make_list("lt 62.0.3202.62"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome"); }
NASL family Windows NASL id GOOGLE_CHROME_62_0_3202_62.NASL description The version of Google Chrome installed on the remote Windows host is prior to 62.0.3202.62. It is, therefore, affected by multiple vulnerabilities as noted in Chrome stable channel update release notes. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 103933 published 2017-10-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103933 title Google Chrome < 62.0.3202.62 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(103933); script_version("1.8"); script_cvs_date("Date: 2019/11/12"); script_cve_id( "CVE-2017-5124", "CVE-2017-5125", "CVE-2017-5126", "CVE-2017-5127", "CVE-2017-5128", "CVE-2017-5129", "CVE-2017-5130", "CVE-2017-5131", "CVE-2017-5132", "CVE-2017-5133", "CVE-2017-15386", "CVE-2017-15387", "CVE-2017-15388", "CVE-2017-15389", "CVE-2017-15390", "CVE-2017-15391", "CVE-2017-15392", "CVE-2017-15393", "CVE-2017-15394", "CVE-2017-15395" ); script_name(english:"Google Chrome < 62.0.3202.62 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Google Chrome."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Windows host is prior to 62.0.3202.62. It is, therefore, affected by multiple vulnerabilities as noted in Chrome stable channel update release notes. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number."); # https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?441fea3d"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 62.0.3202.62 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5133"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'62.0.3202.62', severity:SECURITY_WARNING);
NASL family Fedora Local Security Checks NASL id FEDORA_2017-4D90E9FC97.NASL description An update of QtWebEngine to the security and bugfix release 5.9.3, including : - Security fixes from Chromium up to version 62.0.3202.89. Including: CVE-2017-5124, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15390, CVE-2017-15392, CVE-2017-15394, CVE-2017-15396, CVE-2017-15398. - QtWebEngineCore: [QTBUG-64032] Fix crash after resizing view to be empty. - QtWebEngine[QML]: Fix loading some favicons including qt.io last seen 2020-06-05 modified 2017-12-05 plugin id 105010 published 2017-12-05 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105010 title Fedora 26 : qt5-qtwebengine (2017-4d90e9fc97) NASL family Fedora Local Security Checks NASL id FEDORA_2017-EA44F172E3.NASL description Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429 ---- Security fix for CVE-2017-15398, CVE-2017-15399 ---- Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127. Build switched to use gtk3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-02 plugin id 105501 published 2018-01-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105501 title Fedora 26 : chromium (2017-ea44f172e3) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2997.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 62.0.3202.62. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5132, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395) last seen 2020-05-31 modified 2017-10-23 plugin id 104091 published 2017-10-23 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104091 title RHEL 6 : chromium-browser (RHSA-2017:2997) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4020.NASL description Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an annoucment that security support for chromium in the oldstable release (jessie), Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encouraged to upgrade now to the current stable release (stretch), Debian 9. An alternative is to switch to the firefox browser, which will continue to receive security updates in jessie for some time. - CVE-2017-5124 A cross-site scripting issue was discovered in MHTML. - CVE-2017-5125 A heap overflow issue was discovered in the skia library. - CVE-2017-5126 Luat Nguyen discovered a use-after-free issue in the pdfium library. - CVE-2017-5127 Luat Nguyen discovered another use-after-free issue in the pdfium library. - CVE-2017-5128 Omair discovered a heap overflow issue in the WebGL implementation. - CVE-2017-5129 Omair discovered a use-after-free issue in the WebAudio implementation. - CVE-2017-5131 An out-of-bounds write issue was discovered in the skia library. - CVE-2017-5132 Guarav Dewan discovered an error in the WebAssembly implementation. - CVE-2017-5133 Aleksandar Nikolic discovered an out-of-bounds write issue in the skia library. - CVE-2017-15386 WenXu Wu discovered a user interface spoofing issue. - CVE-2017-15387 Jun Kokatsu discovered a way to bypass the content security policy. - CVE-2017-15388 Kushal Arvind Shah discovered an out-of-bounds read issue in the skia library. - CVE-2017-15389 xisigr discovered a URL spoofing issue. - CVE-2017-15390 Haosheng Wang discovered a URL spoofing issue. - CVE-2017-15391 Joao Lucas Melo Brasio discovered a way for an extension to bypass its limitations. - CVE-2017-15392 Xiaoyin Liu discovered an error the implementation of registry keys. - CVE-2017-15393 Svyat Mitin discovered an issue in the devtools. - CVE-2017-15394 Sam discovered a URL spoofing issue. - CVE-2017-15395 Johannes Bergman discovered a NULL pointer dereference issue. - CVE-2017-15396 Yuan Deng discovered a stack overflow issue in the v8 JavaScript library. last seen 2020-06-01 modified 2020-06-02 plugin id 104414 published 2017-11-07 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104414 title Debian DSA-4020-1 : chromium-browser - security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A692BFFEB6AD11E7A1C2E8E0B747A45A.NASL description Google Chrome Releases reports : 35 security fixes in this release, including : - [762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 - [749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 - [760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-08-30 - [765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-09-14 - [765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14 - [765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15 - [718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan of Adobe Systems India Pvt. Ltd. on 2017-05-05 - [722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde on 2017-05-14 - [744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16 - [762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05 - [752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent last seen 2020-06-01 modified 2020-06-02 plugin id 104063 published 2017-10-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104063 title FreeBSD : chromium -- multiple vulnerabilities (a692bffe-b6ad-11e7-a1c2-e8e0b747a45a) NASL family Fedora Local Security Checks NASL id FEDORA_2017-15B815B9B7.NASL description An update of QtWebEngine to the security and bugfix release 5.9.3, including : - Security fixes from Chromium up to version 62.0.3202.89. Including: CVE-2017-5124, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5132, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15390, CVE-2017-15392, CVE-2017-15394, CVE-2017-15396, CVE-2017-15398. - QtWebEngineCore: [QTBUG-64032] Fix crash after resizing view to be empty. - QtWebEngine[QML]: Fix loading some favicons including qt.io last seen 2020-06-05 modified 2018-01-15 plugin id 105822 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105822 title Fedora 27 : qt5-qtwebengine (2017-15b815b9b7) NASL family Fedora Local Security Checks NASL id FEDORA_2017-F2F3FA09E3.NASL description Security fix for CVE-2017-15398, CVE-2017-15399 ---- Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127. Build switched to use gtk3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-15 plugin id 106002 published 2018-01-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106002 title Fedora 27 : chromium (2017-f2f3fa09e3) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1221.NASL description This update to Chromium 62.0.3202.75 fixes the following security issues : - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after free in WebAudio - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2 - CVE-2017-5131: Out of bounds write in Skia - CVE-2017-5133: Out of bounds write in Skia - CVE-2017-15386: UI spoofing in Blink - CVE-2017-15387: Content security bypass - CVE-2017-15388: Out of bounds read in Skia - CVE-2017-15389: URL spoofing in OmniBox - CVE-2017-15390: URL spoofing in OmniBox - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration - CVE-2017-15393: Referrer leak in Devtools - CVE-2017-15394: URL spoofing in extensions UI - CVE-2017-15395: NULL pointer dereference in ImageCapture - CVE-2017-15396: Stack overflow in V8 last seen 2020-06-05 modified 2017-10-30 plugin id 104244 published 2017-10-30 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104244 title openSUSE Security Update : chromium (openSUSE-2017-1221) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_62_0_3202_62.NASL description The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 62.0.32. It is, therefore, affected by multiple vulnerabilities as noted in Chrome stable channel update release notes for October 17th 2017. Please refer to the release notes for additional information. last seen 2020-06-01 modified 2020-06-02 plugin id 103934 published 2017-10-18 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103934 title Google Chrome < 62.0.3202.62 Multiple Vulnerabilities (macOS)
Redhat
advisories |
| ||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | ### Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a possible information leak and potential code execution. The victim needs to open a malicious PDF in the browser in order to trigger this vulnerability. ### Tested Versions Google Chrome 60.0.3112.101 ### Product URLs https://pdfium.googlesource.com ### CVSSv3 Score 7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H ### CWE CWE-193: Off-by-one Error ### Details Pdfium is an open source PDF renderer developed by Google and used extensively in the Chrome browser, online services as well as other standalone applications. This bug was triaged on the latest git version as well as the latest chromium address sanitizer build available (asan-linux-release-498039). A heap-buffer overflow is present in the code responsible for decoding a compressed TIFF image stream. While parsing pixel data of the flate decoded image stream, the function TIFF_PredictLine is reached: ``` void TIFF\_PredictLine(uint8_t* dest_buf, uint32_t row_size, int BitsPerComponent, int Colors, int Columns) { int BytesPerPixel = BitsPerComponent * Colors / 8; if (BitsPerComponent == 16) { for (uint32_t i = BytesPerPixel; i < row_size; i += 2) { uint16_t pixel = (dest_buf[i - BytesPerPixel] << 8) | dest_buf[i - BytesPerPixel + 1]; pixel += (dest_buf[i] << 8) | dest_buf[i + 1]; dest_buf[i] = pixel >> 8; dest_buf[i + 1] = (uint8_t)pixel; ``` In the above code, during the for loop, 4 bytes will always be read from `dest_buffer` even if the length of the buffer is less than that. This can potentially lead to an off-by-one read on the heap, followed immediately by an off-by-one write. In order to reach the buggy code and trigger the vulnerable state, a couple of conditions need to be satisfied. In the previous function , `TIFF_Predictor`, we see: ``` bool TIFF_Predictor(uint8_t*& data_buf, uint32_t& data_size, int Colors, int BitsPerComponent, int Columns) { int row_size = (Colors * BitsPerComponent * Columns + 7) / 8; [1] if (row_size == 0) return false; const int row_count = (data_size + row_size - 1) / row_size; const int last_row_size = data_size % row_size; [2] for (int row = 0; row < row_count; row++) { uint8_t* scan_line = data_buf + row * row_size; if ((row + 1) * row_size > (int)data_size) { row_size = last_row_size; [3] } TIFF_PredictLine(scan_line, row_size, BitsPerComponent, Colors, Columns); [4] } return true; ``` At [1], `row_size` is calculated and is a multiple of 8. At [2], the data size of the last row is calculated, as input data might not have a multiple of `row_size` bytes available. When the last row is being used (if the next row would end up outside the data size) row_size is set to `last_row_size` at [3]. At [4], vulnerable function `TIFF_PredictLine` is called with the calculated rowsize. If we line up the buffer sizes and `last_row_size` properly, this can result in `lastrow_size` being 3, where `Tiff_PredictLine` actually reads/writes 4 bytes from the data buffer , leading to off-by-one read/write. A sample PDF to trigger this bug is: ``` %PDF-1.6 47 0 obj <</DecodeParms << /Columns 2 /Colors 1 /BitsPerComponent 16 /Predictor 2>> /Filter/FlateDecode /W[0 0 0]>> stream ... endstream endobj startxref 30 %%EOF ``` The content of the stream above just needs to satisfy one condition and that is that it must decode to a length that would result in 3 in the calculation at [2] in the previously mentioned code. The lowest length that satisfies these and some of the previously mentioned conditions is 23. The values of `Columns`, `Colors` and uncompressed stream lengths can be adjusted to control the sizes of the buffers, number of loops and bytes accessed and all ultimately get passed to their corresponding values to the functions that we mentioned. Depending on the underlying allocator and other variables, abusing this bug for information leaks or memory overwrite might or might not be possible, but it could potentially be combined with other vulnerabilities to cause further memory corruption. ### Crash Information Address Sanitizer output from latest build at the time (`asan-linux-release-498039`) ``` Rendering PDF file poc_test.pdf. ================================================================= ==67198==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000003177 at pc 0x0000025b0826 bp 0x7fffffffcf70 sp 0x7fffffffcf68 READ of size 1 at 0x603000003177 thread T0 #0 0x25b0825 in _ZN12_GLOBAL__N_116TIFF_PredictLineEPhjiii ./out/Release/../../third_party/pdfium/core/fxcodec/codec/fx_codec_flate.cpp:478 #1 0x25b0825 in ?? ??:0 #2 0x25b2646 in TIFF_Predictor ./out/Release/../../third_party/pdfium/core/fxcodec/codec/fx_codec_flate.cpp:504 #3 0x25b2646 in FlateOrLZWDecode ./out/Release/../../third_party/pdfium/core/fxcodec/codec/fx_codec_flate.cpp:805 #4 0x25b2646 in ?? ??:0 #5 0x2423440 in _Z24FPDFAPI_FlateOrLZWDecodebPKhjP15CPDF_DictionaryjPPhPj ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.cpp:319 #6 0x2423440 in ?? ??:0 #7 0x24240a9 in _Z14PDF_DataDecodePKhjPK15CPDF_DictionaryjbPPhPjP14CFX_ByteStringPPS1_ crtstuff.c:? #8 0x24240a9 in ?? ??:0 #9 0x2412602 in _ZN14CPDF_StreamAcc11LoadAllDataEbjb ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_stream_acc.cpp:45 #10 0x2412602 in ?? ??:0 #11 0x23faa1b in _ZN11CPDF_Parser14LoadCrossRefV5EPlb ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_parser.cpp:1085 #12 0x23faa1b in ?? ??:0 #13 0x23ed71a in _ZN11CPDF_Parser17LoadAllCrossRefV5El ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_parser.cpp:645 #14 0x23ed71a in ?? ??:0 #15 0x23eaf90 in _ZN11CPDF_Parser18StartParseInternalEP13CPDF_Document ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_parser.cpp:248 #16 0x23eaf90 in ?? ??:0 #17 0x20f747b in _ZN12_GLOBAL__N_116LoadDocumentImplERK13CFX_RetainPtrI22IFX_SeekableReadStreamEPKc ./out/Release/../../third_party/pdfium/fpdfsdk/fpdfview.cpp:288 #18 0x20f747b in ?? ??:0 #19 0x20f7734 in FPDF_LoadCustomDocument ./out/Release/../../third_party/pdfium/fpdfsdk/fpdfview.cpp:629 #20 0x20f7734 in ?? ??:0 #21 0x4f64b0 in ZB12_GLOBAL__N_19RenderPdfERKNSt3__112basic_stringIcNS0_11char_traitslcEENS0_9allocatorlcEEEEPKcmRKNS_7Options ES8_ ./out/Release/../../third_party/pdfium/samples/pdfium_test.cc:1406 #22 0x4f64b0 in ?? ??:0 #23 0x4f3b7f in main ./out/Release/../../third_party/pdfium/samples/pdfium_test.cc:1624 #24 0x4f3b7f in ?? ??:0 #25 0x7ffff624e82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 #26 0x7ffff624e82f in ?? ??:0 0x603000003177 is located 0 bytes to the right of 23-byte region [0x603000003160,0x603000003177) allocated by thread T0 here: #0 0x4c48e3 in __interceptor_malloc ??:? #1 0x4c48e3 in ?? ??:0 #2 0x25b2106 in PartitionAllocGenericFlags ./out/Release/../../third_party/pdfium/third_party/base/allocator/partition_allocator/partition_alloc.h:787 #3 0x25b2106 in FX_SafeAlloc ./out/Release/../../third_party/pdfium/core/fxcrt/fx_memory.h:46 #4 0x25b2106 in FX_AllocOrDie ./out/Release/../../third_party/pdfium/core/fxcrt/fx_memory.h:67 #5 0x25b2106 in FlateUncompress ./out/Release/../../third_party/pdfium/core/fxcodec/codec/fx_codec_flate.cpp:556 #6 0x25b2106 in FlateOrLZWDecode ./out/Release/../../third_party/pdfium/core/fxcodec/codec/fx_codec_flate.cpp:794 #7 0x25b2106 in ?? ??:0 #8 0x2423440 in _Z24FPDFAPI_FlateOrLZWDecodebPKhjP15CPDF_DictionaryjPPhPj ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/fpdf_parser_decode.cpp:319 #9 0x2423440 in ?? ??:0 #10 0x24240a9 in _Z14PDF_DataDecodePKhjPK15CPDF_DictionaryjbPPhPjP14CFX_ByteStringPPS1_ crtstuff.c:? #11 0x24240a9 in ?? ??:0 #12 0x2412602 in _ZN14CPDF_StreamAcc11LoadAllDataEbjb ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_stream_acc.cpp:45 #13 0x2412602 in ?? ??:0 #14 0x23faa1b in _ZN11CPDF_Parser14LoadCrossRefV5EPlb ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_parser.cpp:1085 #15 0x23faa1b in ?? ??:0 #16 0x23ed71a in _ZN11CPDF_Parser17LoadAllCrossRefV5El ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_parser.cpp:645 #17 0x23ed71a in ?? ??:0 #18 0x23eaf90 in _ZN11CPDF_Parser18StartParseInternalEP13CPDF_Document ./out/Release/../../third_party/pdfium/core/fpdfapi/parser/cpdf_parser.cpp:248 #19 0x23eaf90 in ?? ??:0 #20 0x20f747b in _ZN12_GLOBAL__N_116LoadDocumentImplERK13CFX_RetainPtrI22IFX_SeekableReadStreamEPKc ./out/Release/../../third_party/pdfium/fpdfsdk/fpdfview.cpp:288 #21 0x20f747b in ?? ??:0 #22 0x20f7734 in FPDF_LoadCustomDocument ./out/Release/../../third_party/pdfium/fpdfsdk/fpdfview.cpp:629 #23 0x20f7734 in ?? ??:0 #24 0x4f64b0 in ZN12_GLOBAL_N_19RenderPdfERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEEPKcmRKNS_7OptionsE S8_ ./out/Release/../../third_party/pdfium/samples/pdfium_test.cc:1406 #25 0x4f64b0 in ?? ??:0 #26 0x4f3b7f in main ./out/Release/../../third_party/pdfium/samples/pdfium_test.cc:1624 #27 0x4f3b7f in ?? ??:0 #28 0x7ffff624e82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 #29 0x7ffff624e82f in ?? ??:0 SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/user/pdfium/repo/asan-linux-release- 498039/pdfium_test+0x25b0825) Shadow bytes around the buggy address: 0x0c067fff85d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff85e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff85f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8600: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd 0x0c067fff8610: fd fd fa fa fd fd fd fa fa fa fd fd fd fa fa fa =>0x0c067fff8620: fd fd fd fa fa fa fd fd fd fa fa fa 00 00[07]fa 0x0c067fff8630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff8670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==67198==ABORTING ``` Official, latest version of Chrome on Windows crashes with the following when run with PageHeap enabled (output from BugId): ``` BugId: OOBW[0x1FB]+0~1#b6d7 c40.313 Location: chrome.exe!verifier.dll!AVrfpDphCheckPageHeapBlock Description: Page heap detected heap corruption at 0x8EA7FFB; at the end of a 507/0x1FB bytes heap block at 0x8EA7E00. This appears to be a classic buffer-overrun vulnerability. The following byte values were written to the corrupted area: 22. Version: chrome.exe: 60.0.3112.113 (x86) verifier.dll: 6.1.7600.16385 (x86) Security impact: Potentially highly exploitable security issue. Integrity level: 0x2000 (Medium Integrity; this process appears to not be sandboxed!) Arguments: ['--enable-experimental-accessibility-features', '--enable-experimental-canvas-features', '--enable-experimental-input- view-features', '-- enable-experimental-web-platform-features', '--enable-logging=stderr', '--enable-usermedia-screen-capturing', '--enable-viewport', '-- enable-webgl-draft- extensions', '--enable-webvr', '--expose-internals-for-testing', '--disable-popup-blocking', '--disable-prompt-on-repost', '--force- renderer- accessibility', '--javascript-harmony', '--js-flags="--expose-gc"', '--no-sandbox', 'c:\\Users\\ea\\Desktop\\poc.pdf'] ``` Stack: ``` verifier.dll!VerifierStopMessage + 0x1F8 (this frame is irrelevant to this bug) 2.verifier.dll!AVrfpDphReportCorruptedBlock + 0x1C2 (this frame is irrelevant to this bug) 3.verifier.dll!AVrfpDphCheckPageHeapBlock + 0x161 (id: c40) 4.verifier.dll!AVrfpDphFindBusyMemory + 0xDA (id: 313) 5.verifier.dll!AVrfpDphFindBusyMemoryAndRemoveFromBusyList + 0x20 6.ntdll.dll!RtlpDebugPageHeapFree + ? (the exact offset is not known) 7.ntdll.dll!RtlDebugFreeHeap + 0x2F 8.ntdll.dll!RtlpFreeHeap + 0x5D 9.ntdll.dll!RtlFreeHeap + 0x142 10.kernel32.dll!HeapFree + 0x14 11.chrome_child.dll + 0x163239 (no function symbol available) 12.chrome_child.dll + 0x1852FAA (no function symbol available) 13.chrome_child.dll + 0x184DDD1 (no function symbol available) 14.chrome_child.dll + 0x1846493 (no function symbol available) 15.chrome_child.dll + 0x18488BD (no function symbol available) 16.chrome_child.dll + 0x18485B5 (no function symbol available) 17.chrome_child.dll + 0x1823308 (no function symbol available) 18.chrome_child.dll + 0x18175AB (no function symbol available) 19.chrome_child.dll + 0x181413D (no function symbol available) 20.chrome_child.dll + 0x181468D (no function symbol available) 21.chrome_child.dll + 0x181F15A (no function symbol available) 22.chrome_child.dll + 0x181E1AF (no function symbol available) 23.chrome_child.dll + 0x17CA70A (no function symbol available) 24.chrome_child.dll + 0x1437254 (no function symbol available) 25.chrome_child.dll + 0x143797E (no function symbol available) 26.chrome_child.dll + 0x16729C1 (no function symbol available) Page heap output for heap block near 0x8EA7FFB address 08ea7e00 found in _DPH_HEAP_ROOT @ 4161000 in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize) 8712000: 8ea7e00 1fb - 8ea7000 2000 6ccf8e89 verifier!AVrfDebugPageHeapAllocate+0x00000229 77876206 ntdll!RtlDebugAllocateHeap+0x00000030 7783a127 ntdll!RtlpAllocateHeap+0x000000c4 77805950 ntdll!RtlAllocateHeap+0x0000023a 58de52c3 chrome_child!ovly_debug_event+0x0014dff3 5a357dd2 chrome_child!IsSandboxedProcess+0x003fb31f 5a3cf306 chrome_child!IsSandboxedProcess+0x00472853 5a379bca chrome_child!IsSandboxedProcess+0x0041d117 5a37a05d chrome_child!IsSandboxedProcess+0x0041d5aa 5a38311c chrome_child!IsSandboxedProcess+0x00426669 5a376b0e chrome_child!IsSandboxedProcess+0x0041a05b 5a376493 chrome_child!IsSandboxedProcess+0x004199e0 5a3788bd chrome_child!IsSandboxedProcess+0x0041be0a 5a3785b5 chrome_child!IsSandboxedProcess+0x0041bb02 5a353308 chrome_child!IsSandboxedProcess+0x003f6855 5a3475ab chrome_child!IsSandboxedProcess+0x003eaaf8 5a34413d chrome_child!IsSandboxedProcess+0x003e768a 5a34468d chrome_child!IsSandboxedProcess+0x003e7bda 5a34f15a chrome_child!IsSandboxedProcess+0x003f26a7 5a34e1af chrome_child!IsSandboxedProcess+0x003f16fc 5a2fa70a chrome_child!IsSandboxedProcess+0x0039dc57 59f67254 chrome_child!IsSandboxedProcess+0x0000a7a1 59f6797e chrome_child!IsSandboxedProcess+0x0000aecb 5a1a29c1 chrome_child!IsSandboxedProcess+0x00245f0e 5a1a2be2 chrome_child!IsSandboxedProcess+0x0024612f 5a17e7ea chrome_child!IsSandboxedProcess+0x00221d37 5a17e9fb chrome_child!IsSandboxedProcess+0x00221f48 58c33f7e chrome_child+0x00103f7e 58c31129 chrome_child+0x00101129 58c33bc4 chrome_child+0x00103bc4 58c996e8 chrome_child!ovly_debug_event+0x00002418 58f54b95 chrome_child!ChromeMain+0x0000b501 ``` ### Timeline * 2017-09-05 - Vendor Disclosure * 2017-10-19 - Public Release |
id | SSV:96796 |
last seen | 2017-11-19 |
modified | 2017-11-06 |
published | 2017-11-06 |
reporter | Root |
title | Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability(CVE-2017-5133) |
Talos
id | TALOS-2017-0432 |
last seen | 2019-05-29 |
published | 2017-10-19 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0432 |
title | Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability |
References
- http://www.securityfocus.com/bid/101482
- http://www.securityfocus.com/bid/101482
- https://access.redhat.com/errata/RHSA-2017:2997
- https://access.redhat.com/errata/RHSA-2017:2997
- https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
- https://crbug.com/762106
- https://crbug.com/762106
- https://security.gentoo.org/glsa/201710-24
- https://security.gentoo.org/glsa/201710-24
- https://www.debian.org/security/2017/dsa-4020
- https://www.debian.org/security/2017/dsa-4020