CVE-2011-3062

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	18.0.1025.142 (excluding)
Red Hat Enterprise Linux 5	RedHat	firefox-0:10.0.4-1.el5_8	*
Red Hat Enterprise Linux 5	RedHat	xulrunner-0:10.0.4-1.el5_8	*
Red Hat Enterprise Linux 5	RedHat	thunderbird-0:10.0.4-1.el5_8	*
Red Hat Enterprise Linux 6	RedHat	firefox-0:10.0.4-1.el6_2	*
Red Hat Enterprise Linux 6	RedHat	xulrunner-0:10.0.4-1.el6_2	*
Red Hat Enterprise Linux 6	RedHat	thunderbird-0:10.0.4-1.el6_2	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	maverick	*
Chromium-browser	Ubuntu	natty	*
Chromium-browser	Ubuntu	oneiric	*
Chromium-browser	Ubuntu	upstream	*

Potential Mitigations

Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-3062
CWE	https://cwe.mitre.org/data/definitions/682.html

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

References

CVE-2011-3062

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References