CVE-2014-7902 - Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote

CVE-2014-7902

Summary

Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

References

http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
http://www.securityfocus.com/bid/71165
http://www.securitytracker.com/id/1031241
https://code.google.com/p/chromium/issues/detail?id=414504
https://exchange.xforce.ibmcloud.com/vulnerabilities/98790

Vulnerable Configurations

cpe:2.3:a:google:chrome:39.0.2171.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:39.0.2171.63:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-09-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-17

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	71165
confirm	http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html https://code.google.com/p/chromium/issues/detail?id=414504
sectrack	1031241
xf	google-chrome-cve20147902-code-exec(98790)

Last major update

08-09-2017 - 01:29

Published

19-11-2014 - 11:59

Last modified

08-09-2017 - 01:29