CVE-2014-3157
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
11/06/2014
Last modified:
12/04/2025
Description
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 35.0.1916.152 (including) | |
| cpe:2.3:a:google:chrome:35.0.1916.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:35.0.1916.14:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html
- http://secunia.com/advisories/58585
- http://secunia.com/advisories/59090
- http://secunia.com/advisories/60061
- http://secunia.com/advisories/60372
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2959
- http://www.securityfocus.com/bid/67972
- https://code.google.com/p/chromium/issues/detail?id=368980
- https://src.chromium.org/viewvc/chrome?revision=268831&view=revision
- http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html
- http://secunia.com/advisories/58585
- http://secunia.com/advisories/59090
- http://secunia.com/advisories/60061
- http://secunia.com/advisories/60372
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2959
- http://www.securityfocus.com/bid/67972
- https://code.google.com/p/chromium/issues/detail?id=368980
- https://src.chromium.org/viewvc/chrome?revision=268831&view=revision