CVE-2024-5845

2024-06-1121:15:55

Google

osv.dev

google chrome

cve-2024-5845

audio

vulnerability

heap corruption

pdf

chromium

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

CPENameOperatorVersion
chromiumeq119.0.6045.199-1
chromiumeq100.0.4896.88-1~deb11u1
chromiumeq106.0.5249.119-1~deb11u1
chromiumeq87.0.4280.88-0.4~deb10u1
chromiumeq103.0.5060.114-1
chromiumeq122.0.6261.111-1~deb12u1
chromiumeq80.0.3987.122-2
chromiumeq101.0.4951.64-1~deb11u1
chromiumeq121.0.6167.160-1
chromiumeq88.0.4324.146-1~deb10u1

Name	Operator	Version
chromium	eq	119.0.6045.199-1
chromium	eq	100.0.4896.88-1~deb11u1
chromium	eq	106.0.5249.119-1~deb11u1
chromium	eq	87.0.4280.88-0.4~deb10u1
chromium	eq	103.0.5060.114-1
chromium	eq	122.0.6261.111-1~deb12u1
chromium	eq	80.0.3987.122-2
chromium	eq	101.0.4951.64-1~deb11u1
chromium	eq	121.0.6167.160-1
chromium	eq	88.0.4324.146-1~deb10u1