CVE-2011-3097 : The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possi

The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.

Published 2012-05-16 00:55:03

Updated 2017-12-05 02:29:01

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2011-3097

Probability of exploitation activity in the next 30 days: 1.70%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-3097

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-3097

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3097

http://www.securityfocus.com/bid/53540

Google Chrome Prior to 19 Multiple Security Vulnerabilities

CVEs referencing this url
http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1027067

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://code.google.com/p/chromium/issues/detail?id=124182

124182 - Out of bounds write in PDF with sample function with lots of inputs - chromium - Monorail
https://exchange.xforce.ibmcloud.com/vulnerabilities/75602

Google Chrome sampled functions code execution CVE-2011-3097 Vulnerability Report
http://code.google.com/p/chromium/issues/detail?id=123733

123733 - Out-of-bounds reads with bad parameters to PDF "sampled function" function - chromium - Monorail
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15422

Repository / Oval Repository

Products affected by CVE-2011-3097

Google » Chrome
Versions up to, including, (<=) 19.0.1084.45
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-3097

Exploit prediction scoring system (EPSS) score for CVE-2011-3097

CVSS scores for CVE-2011-3097

CWE ids for CVE-2011-3097

References for CVE-2011-3097

Products affected by CVE-2011-3097