Lucene search

[email protected]CVE-2015-6758

HistoryOct 15, 2015 - 10:59 a.m.

CVE-2015-6758

2015-10-1510:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve-2015-6758

pdfium

denial of service

remote attackers

crafted pdf document

9.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

CPENameOperatorVersion
google:chromegoogle chromele45.0.2454.101

CPE	Name	Operator	Version
google:chrome	google chrome	le	45.0.2454.101

References

googlechromereleases.blogspot.com/2015/10/stable-channel-update.html

rhn.redhat.com/errata/RHSA-2015-1912.html

www.debian.org/security/2015/dsa-3376

www.securityfocus.com/bid/77071

www.securitytracker.com/id/1033816

code.google.com/p/chromium/issues/detail?id=522131

codereview.chromium.org/1327913002

security.gentoo.org/glsa/201603-09

9.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2015-6758

debiancve1 ubuntucve1 prion1 threatpost1 nessus8 redhat1 openvas7 archlinux1 mageia1 freebsd1 kaspersky1 debian2 osv1 securityvulns2 chrome1 gentoo1