8.8

CVE-2019-13736

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 79.0.3945.79
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version30
FedoraprojectFedora Version31
RedhatEnterprise Linux Desktop Version6.0 HwPlatformx64
RedhatEnterprise Linux Desktop Version6.0 HwPlatformx86
RedhatEnterprise Linux For Scientific Computing Version6.0 HwPlatformx64
RedhatEnterprise Linux For Scientific Computing Version6.0 HwPlatformx86
RedhatEnterprise Linux Server Version6.0 HwPlatformx64
RedhatEnterprise Linux Server Version6.0 HwPlatformx86
RedhatEnterprise Linux Workstation Version6.0 HwPlatformx64
RedhatEnterprise Linux Workstation Version6.0 HwPlatformx86
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.54% 0.716
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202003-08
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
Broken Link
https://access.redhat.com/errata/RHSA-2019:4238
Third Party Advisory
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
https://seclists.org/bugtraq/2020/Jan/27
Third Party Advisory
Mailing List
https://www.debian.org/security/2020/dsa-4606
Third Party Advisory
https://crbug.com/1020899
Vendor Advisory
Permissions Required