CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-5151 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2016-5151
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux no maneja adecuadamente los temporizadores, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de un documento PDF manipulado, relacionado con fpdfsdk/javascript/JS_Object.cpp y fpdfsdk/javascript/app.cpp. • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html http://rhn.redhat.com/errata/RHSA-2016-1854.html http://www.debian.org/security/2016/dsa-3660 http://www.securityfocus.com/bid/92717 http://www.securitytracker.com/id/1036729 https://crbug.com/63471 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5167 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5167
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux permiten a atacantes provocar una denegación de servicio o tener otro posible impacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html http://rhn.redhat.com/errata/RHSA-2016-1854.html http://www.debian.org/security/2016/dsa-3660 http://www.securityfocus.com/bid/92717 http://www.securitytracker.com/id/1036729 https://crbug.com/617648 https://crbug.com/619379 https://crbug.com/624213 https://crbug.com/624214 https://crbug.com/625575 https://crbug.com/627355 https://crbug.com/627418 https://crbug.com/633585 https://crbu •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5153 – chromium-browser: use after destruction in blink
https://notcve.org/view.php?id=CVE-2016-5153
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. La implementación de Web Animations en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux, confía indebidamente en la iteración de lista, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de destrucción de memoria) o posiblemente tener otro impacto no especificado a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html http://rhn.redhat.com/errata/RHSA-2016-1854.html http://www.debian.org/security/2016/dsa-3660 http://www.securityfocus.com/bid/92717 http://www.securitytracker.com/id/1036729 https://codereview.chromium& • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-5159 – openjpeg: heap overflow in parsing of JPEG2000 code blocks
https://notcve.org/view.php?id=CVE-2016-5159
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. Múltiples desbordamiento de entero en OpenJPEG, tal como se utiliza en PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux, permiten a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de datos JPEG 2000 manipulados que son manejados incorrectamente durante llamadas opj_aligned_malloc calls en dwt.c y t1.c. An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution. • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html http://rhn.redhat.com/errata/RHSA-2016-1854.html http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.debian.org/security/2016/dsa-3660 http& • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2016-5157 – chromium-browser: heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5157
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. Desbordamiento de búfer basado en memoria dinámica en la función opj_dwt_interleave_v en dwt.c en OpenJPEG, tal como se utiliza en PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux, permite a atacantes remotos ejecutar código arbitrario a través de valores de coordenadas manipulados en datos JPEG 2000. • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html http://rhn.redhat.com/errata/RHSA-2016-1854.html http://www.debian.org/security/2016/dsa-3660 http://www.debian.org/security/2017/dsa-4013 http://www.openwall.com/lists/oss-security/2016/09/08/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •