Vulnerabilities > CVE-2020-15989 - Use of Uninitialized Resource vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
- https://crbug.com/1108351
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
- https://www.debian.org/security/2021/dsa-4824
- https://security.gentoo.org/glsa/202101-30
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/