CVE-2012-2874
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| suse | 12.1 | affected | |
| suse | 12.2 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"22.0.1229.78"} | | |
| chrome | 22.0.1229.0 | | |
| chrome | 22.0.1229.1 | | |
| chrome | 22.0.1229.2 | | |
| chrome | 22.0.1229.3 | | |
| chrome | 22.0.1229.4 | | |
| chrome | 22.0.1229.6 | | |
| chrome | 22.0.1229.7 | | |
| chrome | 22.0.1229.8 | | |
| chrome | 22.0.1229.9 | | |
| chrome | 22.0.1229.10 | | |
| chrome | 22.0.1229.11 | | |
| chrome | 22.0.1229.12 | | |
| chrome | 22.0.1229.14 | | |
| chrome | 22.0.1229.16 | | |
| chrome | 22.0.1229.17 | | |
| chrome | 22.0.1229.18 | | |
| chrome | 22.0.1229.20 | | |
| chrome | 22.0.1229.21 | | |
| chrome | 22.0.1229.22 | | |
| chrome | 22.0.1229.23 | | |
| chrome | 22.0.1229.24 | | |
| chrome | 22.0.1229.25 | | |
| chrome | 22.0.1229.26 | | |
| chrome | 22.0.1229.27 | | |
| chrome | 22.0.1229.28 | | |
| chrome | 22.0.1229.29 | | |
| chrome | 22.0.1229.31 | | |
| chrome | 22.0.1229.32 | | |
| chrome | 22.0.1229.33 | | |
| chrome | 22.0.1229.35 | | |
| chrome | 22.0.1229.36 | | |
| chrome | 22.0.1229.37 | | |
| chrome | 22.0.1229.39 | | |
| chrome | 22.0.1229.48 | | |
| chrome | 22.0.1229.49 | | |
| chrome | 22.0.1229.50 | | |
| chrome | 22.0.1229.51 | | |
| chrome | 22.0.1229.52 | | |
| chrome | 22.0.1229.53 | | |
| chrome | 22.0.1229.54 | | |
| chrome | 22.0.1229.55 | | |
| chrome | 22.0.1229.56 | | |
| chrome | 22.0.1229.57 | | |
| chrome | 22.0.1229.58 | | |
| chrome | 22.0.1229.59 | | |
| chrome | 22.0.1229.60 | | |
| chrome | 22.0.1229.62 | | |
| chrome | 22.0.1229.63 | | |
| chrome | 22.0.1229.64 | | |
| chrome | 22.0.1229.65 | | |
| chrome | 22.0.1229.67 | | |
| chrome | 22.0.1229.76 | |
References
- http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
- https://code.google.com/p/chromium/issues/detail?id=132398
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78835
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15856
- http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
- https://code.google.com/p/chromium/issues/detail?id=132398
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78835
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15856
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.