CVE-2012-2820

MEDIUM

Description

Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

References

http://code.google.com/p/chromium/issues/detail?id=121926

http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html

https://hermes.opensuse.org/messages/15075728

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15468

Details

Source: MITRE

Published: 2012-06-27

Updated: 2017-09-19

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:google:chrome:20.0.1132.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 20.0.1132.42 (inclusive)

Tenable Plugins

View all (5 total)

ID	Name	Product	Family	Severity
74660	openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0813-1)	Nessus	SuSE Local Security Checks	high
61542	GLSA-201208-03 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
800967	Google Chrome < 20.0.1132.43 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
59750	FreeBSD : chromium -- multiple vulnerabilities (ff922811-c096-11e1-b0f4-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high
59735	Google Chrome < 20.0.1132.43 Multiple Vulnerabilities	Nessus	Windows	high