CVE-2020-15989: Uninitialized Use in PDFium

Q: What is CVE-2020-15989?

CVE-2020-15989 is a vulnerability in PDFium in Google Chrome prior to version 86.0.4240.75.

Q: How does CVE-2020-15989 work?

CVE-2020-15989 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Q: Which software versions are affected by CVE-2020-15989?

CVE-2020-15989 affects Google Chrome versions prior to 86.0.4240.75, Fedoraproject Fedora versions 31, 32, and 33, openSUSE Backports SLE version 15.0-sp2, and Debian Debian Linux version 10.0.

Q: What is the severity of CVE-2020-15989?

The severity of CVE-2020-15989 is medium with a CVSS score of 5.5.

Q: How can I fix CVE-2020-15989?

To fix CVE-2020-15989, you should update your Google Chrome to version 86.0.4240.75 or later, or apply the appropriate security updates for the affected software versions.

Published Jul 22, 2020

Updated

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Credit

Gareth Evans (Microsoft)

Affected Software

8 affected componentsFixes available

debian/chromium

90.0.4430.212-1~deb10u1116.0.5845.180-1~deb11u1120.0.6099.129-1~deb11u1119.0.6045.199-1~deb12u1120.0.6099.129-1~deb12u1120.0.6099.129-1

Google Chrome<86.0.4240.75

86.0.4240.75

Google Chrome<86.0.4240.75

Fedoraproject Fedora=31

Fedoraproject Fedora=32

Fedoraproject Fedora=33

openSUSE Backports SLE=15.0-sp2

Debian Debian Linux=10.0

Remediation

Patch Available

https://crbug.com/1108351

Event History

Jul 22, 2020

CVE Published

12:00 AM

Nov 3, 2020

CVE Published

via MITRE·02:21 AM

Data Sourced

via MITRE·02:21 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

7211503174014671839

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2020-15989?