CVE-2017-5012

Upstream information

CVE-2017-5012 at MITRE

Description

A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.82
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	8.8
Vector	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Access Vector	Network
Access Complexity	Low
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High

SUSE Bugzilla entry: 1022049 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2017:0499-1, published Sat, 18 Feb 2017 15:08:33 +0100 (CET)
openSUSE-SU-2017:0565-1, published Mon, 27 Feb 2017 12:09:06 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Leap 42.1	`chromedriver >= 56.0.2924.87-102.1` `chromedriver-debuginfo >= 56.0.2924.87-102.1` `chromium >= 56.0.2924.87-102.1` `chromium-debuginfo >= 56.0.2924.87-102.1` `chromium-debugsource >= 56.0.2924.87-102.1` `ffmpeg3 >= 3.2.2-2.1` `ffmpeg3-debuginfo >= 3.2.2-2.1` `ffmpeg3-debugsource >= 3.2.2-2.1` `libavcodec-devel >= 3.2.2-2.1` `libavcodec57 >= 3.2.2-2.1` `libavcodec57-32bit >= 3.2.2-2.1` `libavcodec57-debuginfo >= 3.2.2-2.1` `libavcodec57-debuginfo-32bit >= 3.2.2-2.1` `libavdevice-devel >= 3.2.2-2.1` `libavdevice57 >= 3.2.2-2.1` `libavdevice57-32bit >= 3.2.2-2.1` `libavdevice57-debuginfo >= 3.2.2-2.1` `libavdevice57-debuginfo-32bit >= 3.2.2-2.1` `libavfilter-devel >= 3.2.2-2.1` `libavfilter6 >= 3.2.2-2.1` `libavfilter6-32bit >= 3.2.2-2.1` `libavfilter6-debuginfo >= 3.2.2-2.1` `libavfilter6-debuginfo-32bit >= 3.2.2-2.1` `libavformat-devel >= 3.2.2-2.1` `libavformat57 >= 3.2.2-2.1` `libavformat57-32bit >= 3.2.2-2.1` `libavformat57-debuginfo >= 3.2.2-2.1` `libavformat57-debuginfo-32bit >= 3.2.2-2.1` `libavresample-devel >= 3.2.2-2.1` `libavresample3 >= 3.2.2-2.1` `libavresample3-32bit >= 3.2.2-2.1` `libavresample3-debuginfo >= 3.2.2-2.1` `libavresample3-debuginfo-32bit >= 3.2.2-2.1` `libavutil-devel >= 3.2.2-2.1` `libavutil55 >= 3.2.2-2.1` `libavutil55-32bit >= 3.2.2-2.1` `libavutil55-debuginfo >= 3.2.2-2.1` `libavutil55-debuginfo-32bit >= 3.2.2-2.1` `libpostproc-devel >= 3.2.2-2.1` `libpostproc54 >= 3.2.2-2.1` `libpostproc54-32bit >= 3.2.2-2.1` `libpostproc54-debuginfo >= 3.2.2-2.1` `libpostproc54-debuginfo-32bit >= 3.2.2-2.1` `libswresample-devel >= 3.2.2-2.1` `libswresample2 >= 3.2.2-2.1` `libswresample2-32bit >= 3.2.2-2.1` `libswresample2-debuginfo >= 3.2.2-2.1` `libswresample2-debuginfo-32bit >= 3.2.2-2.1` `libswscale-devel >= 3.2.2-2.1` `libswscale4 >= 3.2.2-2.1` `libswscale4-32bit >= 3.2.2-2.1` `libswscale4-debuginfo >= 3.2.2-2.1` `libswscale4-debuginfo-32bit >= 3.2.2-2.1`	Patchnames: openSUSE-2017-273
openSUSE Leap 42.2	`chromedriver >= 56.0.2924.87-102.1` `chromedriver-debuginfo >= 56.0.2924.87-102.1` `chromium >= 56.0.2924.87-102.1` `chromium-debuginfo >= 56.0.2924.87-102.1` `chromium-debugsource >= 56.0.2924.87-102.1` `ffmpeg3 >= 3.2.2-2.1` `ffmpeg3-debuginfo >= 3.2.2-2.1` `ffmpeg3-debugsource >= 3.2.2-2.1` `harfbuzz >= 1.4.2-3.1` `harfbuzz-debugsource >= 1.4.2-3.1` `harfbuzz-devel >= 1.4.2-3.1` `harfbuzz-tools >= 1.4.2-3.1` `harfbuzz-tools-debuginfo >= 1.4.2-3.1` `libavcodec-devel >= 3.2.2-2.1` `libavcodec57 >= 3.2.2-2.1` `libavcodec57-32bit >= 3.2.2-2.1` `libavcodec57-debuginfo >= 3.2.2-2.1` `libavcodec57-debuginfo-32bit >= 3.2.2-2.1` `libavdevice-devel >= 3.2.2-2.1` `libavdevice57 >= 3.2.2-2.1` `libavdevice57-32bit >= 3.2.2-2.1` `libavdevice57-debuginfo >= 3.2.2-2.1` `libavdevice57-debuginfo-32bit >= 3.2.2-2.1` `libavfilter-devel >= 3.2.2-2.1` `libavfilter6 >= 3.2.2-2.1` `libavfilter6-32bit >= 3.2.2-2.1` `libavfilter6-debuginfo >= 3.2.2-2.1` `libavfilter6-debuginfo-32bit >= 3.2.2-2.1` `libavformat-devel >= 3.2.2-2.1` `libavformat57 >= 3.2.2-2.1` `libavformat57-32bit >= 3.2.2-2.1` `libavformat57-debuginfo >= 3.2.2-2.1` `libavformat57-debuginfo-32bit >= 3.2.2-2.1` `libavresample-devel >= 3.2.2-2.1` `libavresample3 >= 3.2.2-2.1` `libavresample3-32bit >= 3.2.2-2.1` `libavresample3-debuginfo >= 3.2.2-2.1` `libavresample3-debuginfo-32bit >= 3.2.2-2.1` `libavutil-devel >= 3.2.2-2.1` `libavutil55 >= 3.2.2-2.1` `libavutil55-32bit >= 3.2.2-2.1` `libavutil55-debuginfo >= 3.2.2-2.1` `libavutil55-debuginfo-32bit >= 3.2.2-2.1` `libharfbuzz-icu0 >= 1.4.2-3.1` `libharfbuzz-icu0-32bit >= 1.4.2-3.1` `libharfbuzz-icu0-debuginfo >= 1.4.2-3.1` `libharfbuzz-icu0-debuginfo-32bit >= 1.4.2-3.1` `libharfbuzz0 >= 1.4.2-3.1` `libharfbuzz0-32bit >= 1.4.2-3.1` `libharfbuzz0-debuginfo >= 1.4.2-3.1` `libharfbuzz0-debuginfo-32bit >= 1.4.2-3.1` `libpostproc-devel >= 3.2.2-2.1` `libpostproc54 >= 3.2.2-2.1` `libpostproc54-32bit >= 3.2.2-2.1` `libpostproc54-debuginfo >= 3.2.2-2.1` `libpostproc54-debuginfo-32bit >= 3.2.2-2.1` `libswresample-devel >= 3.2.2-2.1` `libswresample2 >= 3.2.2-2.1` `libswresample2-32bit >= 3.2.2-2.1` `libswresample2-debuginfo >= 3.2.2-2.1` `libswresample2-debuginfo-32bit >= 3.2.2-2.1` `libswscale-devel >= 3.2.2-2.1` `libswscale4 >= 3.2.2-2.1` `libswscale4-32bit >= 3.2.2-2.1` `libswscale4-debuginfo >= 3.2.2-2.1` `libswscale4-debuginfo-32bit >= 3.2.2-2.1`	Patchnames: openSUSE-2017-273