CVE-2012-2824

HIGH

Description

Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.

References

http://code.google.com/p/chromium/issues/detail?id=125374

http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html

http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html

http://support.apple.com/kb/HT5642

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15666

Details

Source: MITRE

Published: 2012-06-27

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:20.0.1132.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:20.0.1132.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 20.0.1132.42 (inclusive)

Configuration 2

OR

cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 6.0.2 (inclusive)

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
6831iTunes < 11.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
66499Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
critical
66498Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)NessusWindows
critical
800999Mac OS X : Safari < 6.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6712Safari < 6.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
65579Mac OS X : Apple Safari < 6.0.3 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
6679Apple iOS < 6.1 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
64287Apple iOS < 6.1 Multiple VulnerabilitiesNessusMobile Devices
high
61542GLSA-201208-03 : Chromium: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
800967Google Chrome < 20.0.1132.43 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6508Google Chrome < 20.0.1132.43 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
59750FreeBSD : chromium -- multiple vulnerabilities (ff922811-c096-11e1-b0f4-00262d5ed8ee)NessusFreeBSD Local Security Checks
high
59735Google Chrome < 20.0.1132.43 Multiple VulnerabilitiesNessusWindows
high