Vulnerability Details : CVE-2011-3097
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-3097
Probability of exploitation activity in the next 30 days: 1.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 %
CVSS scores for CVE-2011-3097
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2011-3097
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3097
- http://www.securityfocus.com/bid/53540
  Google Chrome Prior to 19 Multiple Security Vulnerabilities
- http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
- http://www.securitytracker.com/id?1027067
  Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://code.google.com/p/chromium/issues/detail?id=124182
  124182 - Out of bounds write in PDF with sample function with lots of inputs - chromium - Monorail
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75602
  Google Chrome sampled functions code execution CVE-2011-3097 Vulnerability Report
- http://code.google.com/p/chromium/issues/detail?id=123733
  123733 - Out-of-bounds reads with bad parameters to PDF "sampled function" function - chromium - Monorail (Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15422
  Repository / Oval Repository
Products affected by CVE-2011-3097
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*