
Issue metadata

Status: Fixed
Owner:
Email to this user bounced
Closed: Dec 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security




PDF: integer overflows in JS array handling

Reported by scarybea...@gmail.com, Dec 11 2012

Issue description

Credit: Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.

Repro attached.
 
1152.pdf.asan.4c.864
91.8 KB
Labels: -Restrict-View-SecurityTeam -Mstone-23 Restrict-View-SecurityNotify Mstone-24 Merge-Approved
PDF r2080
Labels: -Pri-0 -Area-Undefined Pri-1 Area-Internals
Status: FixUnreleased
Labels: -Merge-Approved Merge-Merged
M24: PDF r2085
Labels: Release-0

Comment 5 by jsc...@chromium.org, Dec 20 2012

Status: Fixed
Labels: CVE-2012-5151
Project Member

Comment 7 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Type-Security -Area-Internals -Feature-PDF -SecSeverity-High -SecImpacts-Stable -SecImpacts-Beta -Mstone-24 Cr-Content-Plugins-PDF Security-Impact-Beta Cr-Internals M-24 Security-Severity-High Security-Impact-Stable Type-Bug-Security
Labels: -Restrict-View-SecurityNotify
Project Member

Comment 9 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Severity-High Security_Severity-High
Project Member

Comment 10 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member

Comment 11 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member

Comment 12 by bugdroid1@chromium.org, Apr 5 2013

Labels: Cr-Blink
Project Member

Comment 13 by bugdroid1@chromium.org, Apr 6 2013

Labels: -Cr-Content-Plugins-PDF Cr-Internals-Plugins-PDF
Project Member

Comment 14 by sheriffbot@chromium.org, Jun 14 2016

Labels: -security_impact-beta
Project Member

Comment 15 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 16 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Labels: CVE_description-submitted
