CVE-2016-5151

EUVD-2016-6102
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
opensuseleap
42.1
googlechrome
𝑥
≤ 52.0.2743.116
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
precise
ignored
trusty
Fixed 53.0.2785.143-0ubuntu0.14.04.1.1142
released
xenial
Fixed 53.0.2785.143-0ubuntu0.16.04.1.1254
released
yakkety
Fixed 53.0.2785.143-0ubuntu1.1307
released
oxide-qt
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html
http://rhn.redhat.com/errata/RHSA-2016-1854.html
http://www.debian.org/security/2016/dsa-3660
http://www.securityfocus.com/bid/92717
http://www.securitytracker.com/id/1036729
https://crbug.com/634716
https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
https://pdfium.googlesource.com/pdfium.git/+/8ca63de14d522d3d259d74fa43b28b05b02728e8
https://security.gentoo.org/glsa/201610-09
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html
http://rhn.redhat.com/errata/RHSA-2016-1854.html
http://www.debian.org/security/2016/dsa-3660
http://www.securityfocus.com/bid/92717
http://www.securitytracker.com/id/1036729
https://crbug.com/634716
https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
https://pdfium.googlesource.com/pdfium.git/+/8ca63de14d522d3d259d74fa43b28b05b02728e8
https://security.gentoo.org/glsa/201610-09