CVE-2011-3051 : Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function.

Published 2012-03-22 16:55:01

Updated 2020-04-14 16:02:20

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2011-3051

Google » Chrome
Versions before (<) 17.0.963.83
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-3051

EPSS FAQ

0.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-3051

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-3051

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3051

http://www.securityfocus.com/bid/52674

Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id?1026841

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

Chrome Releases: Stable Channel Update
Release Notes;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/74211

Google Chrome CSS cross-fade code execution CVE-2011-3051 Vulnerability Report
Third Party Advisory;VDB Entry
http://security.gentoo.org/glsa/glsa-201203-19.xml

Chromium: Multiple vulnerabilities (GLSA 201203-19) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15016

Repository / Oval Repository
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

[security-announce] openSUSE-SU-2012:0466-1: important: update for chrom
Mailing List;Third Party Advisory

CVEs referencing this url
http://code.google.com/p/chromium/issues/detail?id=116461

116461 - Heap-use-after-free in WebCore::CSSCrossfadeValue::~CSSCrossfadeValue - chromium - Monorail
Vendor Advisory

Jump to

Vulnerability Details : CVE-2011-3051

Products affected by CVE-2011-3051

Exploit prediction scoring system (EPSS) score for CVE-2011-3051

CVSS scores for CVE-2011-3051

CWE ids for CVE-2011-3051

References for CVE-2011-3051