CVE-2024-5847

2024-06-1121:15:55

Google

osv.dev

pdfium vulnerability

chrome version 126.0.6478.54

remote attacker

heap corruption

crafted pdf file

chromium security severity medium

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

CPENameOperatorVersion
chromiumeq119.0.6045.199-1
chromiumeq100.0.4896.88-1~deb11u1
chromiumeq106.0.5249.119-1~deb11u1
chromiumeq87.0.4280.88-0.4~deb10u1
chromiumeq103.0.5060.114-1
chromiumeq122.0.6261.111-1~deb12u1
chromiumeq80.0.3987.122-2
chromiumeq101.0.4951.64-1~deb11u1
chromiumeq121.0.6167.160-1
chromiumeq88.0.4324.146-1~deb10u1

Name	Operator	Version
chromium	eq	119.0.6045.199-1
chromium	eq	100.0.4896.88-1~deb11u1
chromium	eq	106.0.5249.119-1~deb11u1
chromium	eq	87.0.4280.88-0.4~deb10u1
chromium	eq	103.0.5060.114-1
chromium	eq	122.0.6261.111-1~deb12u1
chromium	eq	80.0.3987.122-2
chromium	eq	101.0.4951.64-1~deb11u1
chromium	eq	121.0.6167.160-1
chromium	eq	88.0.4324.146-1~deb10u1