Vulnerability Details : CVE-2019-5762
Potential exploit
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Vulnerability category: OverflowExecute code
Products affected by CVE-2019-5762
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-5762
18.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-5762
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2019-5762
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-5762
-
https://www.debian.org/security/2019/dsa-4395
Debian -- Security Information -- DSA-4395-1 chromiumThird Party Advisory
-
http://www.securityfocus.com/bid/106767
Google Chrome Prior to 72.0.3626.81 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/
[SECURITY] Fedora 30 Update: chromium-73.0.3683.75-2.fc30 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
Chrome Releases: Stable Channel Update for DesktopVendor Advisory
-
https://access.redhat.com/errata/RHSA-2019:0309
RHSA-2019:0309 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://crbug.com/900552
900552 - Heap-use-after-free in CPDF_OCContext::CheckOCGVisible - chromium - MonorailExploit;Issue Tracking;Vendor Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/
[SECURITY] Fedora 29 Update: chromium-73.0.3683.75-2.fc29 - package-announce - Fedora Mailing-ListsMailing List;Release Notes;Third Party Advisory
Jump to