[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-7937Date: (C)2015-01-28   (M)2023-12-22


Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1031623
SECUNIA-62383
SECUNIA-62575
SECUNIA-62665
BID-72288
GLSA-201502-13
GLSA-201603-06
RHSA-2015:0093
USN-2476-1
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c50704ebf1777bee76772c4835d9760b3721057
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92
https://code.google.com/p/chromium/issues/detail?id=419060
openSUSE-SU-2015:0441

CPE    2
cpe:/a:google:chrome:40.0.2214.85
cpe:/a:ffmpeg:ffmpeg:2.4.1
CWE    1
CWE-119
OVAL    11
oval:org.secpod.oval:def:23325
oval:org.secpod.oval:def:52395
oval:org.secpod.oval:def:23281
oval:org.secpod.oval:def:505627
...

© SecPod Technologies