PT-2016-3041 · Google+4 · Google Chrome+5

Publicado

2016-12-01

·

Atualizado

2024-06-15

·

CVE-2016-5211

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 55.0.2883.75 for Mac, Windows and Linux Google Chrome versions prior to 55.0.2883.84 for Android
Description The issue is related to a use after free in the PDFium component, which can be exploited by a remote attacker using a specially crafted PDF file. This could potentially allow the attacker to access protected information by exploiting heap corruption.
Recommendations For Google Chrome versions prior to 55.0.2883.75 for Mac, Windows and Linux, update to version 55.0.2883.75 or later. For Google Chrome versions prior to 55.0.2883.84 for Android, update to version 55.0.2883.84 or later. As a temporary workaround, consider avoiding the use of PDF files from untrusted sources until the issue is resolved.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2016-2425
BDU:2017-00140
CVE-2016-5211
DSA-3731-1
MGASA-2016-0419
OPENSUSE-SU-2016_3108-1
OPENSUSE-SU-2017:0563-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2016:2919
RHSA-2016_2919

Produtos afetados

Alt Linux
Google Chrome
Opera
Pdfium
Red Hat
Suse