PT-2020-3421 · Google+3 · Pdfium+4

Aleksandar Nikolic

·

Published

2020-04-21

·

Updated

2024-06-15

·

CVE-2020-6458

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 81.0.4044.122
Description The issue is related to an out of bounds read and write in PDFium, which can be exploited by a remote attacker using a crafted PDF file, potentially leading to heap corruption. This could allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations For versions prior to 81.0.4044.122, update to version 81.0.4044.122 or later to resolve the issue. As a temporary workaround, consider avoiding the use of PDF files from untrusted sources until the update is applied.

Exploit

Fix

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALT-PU-2020-1962
ALT-PU-2020-1969
ALT-PU-2020-2420
ALT-PU-2020-2441
BDU:2020-03744
CVE-2020-6458
DSA-4714-1
DSA-4714-2
DSA-4714-3
MGASA-2020-0185
OPENSUSE-SU-2020:0604-1
OPENSUSE-SU-2020:0615-1
OPENSUSE-SU-2020:0635-1
OPENSUSE-SU-2020_0604-1
OPENSUSE-SU-2020_0635-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:1970
RHSA-2020_1970

Affected Products

Alt Linux
Google Chrome
Pdfium
Red Hat
Suse