CVE-2013-0927

EPSS 0.19%
Published 10.04.2013 16:55:04
Last modified 11.04.2025 00:51:21
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Os Version <= 26.0.1410.56

Google ≫ Chrome Os Version26.0.1410.0

Google ≫ Chrome Os Version26.0.1410.1

Google ≫ Chrome Os Version26.0.1410.3

Google ≫ Chrome Os Version26.0.1410.4

Google ≫ Chrome Os Version26.0.1410.5

Google ≫ Chrome Os Version26.0.1410.6

Google ≫ Chrome Os Version26.0.1410.7

Google ≫ Chrome Os Version26.0.1410.8

Google ≫ Chrome Os Version26.0.1410.9

Google ≫ Chrome Os Version26.0.1410.10

Google ≫ Chrome Os Version26.0.1410.11

Google ≫ Chrome Os Version26.0.1410.12

Google ≫ Chrome Os Version26.0.1410.14

Google ≫ Chrome Os Version26.0.1410.15

Google ≫ Chrome Os Version26.0.1410.16

Google ≫ Chrome Os Version26.0.1410.17

Google ≫ Chrome Os Version26.0.1410.18

Google ≫ Chrome Os Version26.0.1410.19

Google ≫ Chrome Os Version26.0.1410.20

Google ≫ Chrome Os Version26.0.1410.21

Google ≫ Chrome Os Version26.0.1410.22

Google ≫ Chrome Os Version26.0.1410.23

Google ≫ Chrome Os Version26.0.1410.24

Google ≫ Chrome Os Version26.0.1410.25

Google ≫ Chrome Os Version26.0.1410.26

Google ≫ Chrome Os Version26.0.1410.27

Google ≫ Chrome Os Version26.0.1410.28

Google ≫ Chrome Os Version26.0.1410.29

Google ≫ Chrome Os Version26.0.1410.30

Google ≫ Chrome Os Version26.0.1410.31

Google ≫ Chrome Os Version26.0.1410.32

Google ≫ Chrome Os Version26.0.1410.33

Google ≫ Chrome Os Version26.0.1410.34

Google ≫ Chrome Os Version26.0.1410.35

Google ≫ Chrome Os Version26.0.1410.36

Google ≫ Chrome Os Version26.0.1410.37

Google ≫ Chrome Os Version26.0.1410.38

Google ≫ Chrome Os Version26.0.1410.39

Google ≫ Chrome Os Version26.0.1410.40

Google ≫ Chrome Os Version26.0.1410.41

Google ≫ Chrome Os Version26.0.1410.42

Google ≫ Chrome Os Version26.0.1410.43

Google ≫ Chrome Os Version26.0.1410.44

Google ≫ Chrome Os Version26.0.1410.45

Google ≫ Chrome Os Version26.0.1410.46

Google ≫ Chrome Os Version26.0.1410.47

Google ≫ Chrome Os Version26.0.1410.48

Google ≫ Chrome Os Version26.0.1410.49

Google ≫ Chrome Os Version26.0.1410.50

Google ≫ Chrome Os Version26.0.1410.51

Google ≫ Chrome Os Version26.0.1410.52

Google ≫ Chrome Os Version26.0.1410.54

Google ≫ Chrome Os Version26.0.1410.55

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.381

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=fb5a664def6cd34bf7295489ea73e1d989bdd6d0

http://googlechromereleases.blogspot.com/2013/04/chrome-os-stable-channel-update.html

https://code.google.com/p/chromium/issues/detail?id=189250

https://nvd.nist.gov/vuln/detail/CVE-2013-0927

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0927

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0927

EUVD