Google Chrome up to 19.0.1084.57 PDF Image Codec buffer overflow

VulDB: Google Chrome up to 19.0.1084.57 PDF Image Codec buffer overflow

General

Google

scipID: 5607
Affected: Google Chrome up to 19.0.1084.57
Published: 06/26/2012 (Mateusz Jurczyk)
Risk: problematic
Entry: 90.3% complete
Created: 06/27/2012
Updated: 09/03/2012

Summary

A vulnerability, which was classified as problematic, was found in Google Chrome up to 19.0.1084.57. This affects an unknown function of the component PDF Image Codec. The manipulation with an unknown input leads to a buffer overflow vulnerability. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was disclosed 06/26/2012 by Mateusz Jurczyk with Google Security Team as 131553. The advisory is shared for download at code.google.com. The public release has been coordinated in cooperation with Google. This vulnerability is uniquely identified as CVE-2012-2832 since 05/19/2012. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 20.0.1132.43 eliminates this vulnerability. The upgrade is hosted for download at google.com. The problem might be mitigated by replacing the product with Mozilla Firefox, Microsoft Internet Explorer, Opera as an alternative. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the vulnerability database at OSVDB (83248). Further details are available at googlechromereleases.blogspot.de.