CVE-2011-0480 — Classic Buffer Overflow in Google Chrome

CWE-120 — Classic Buffer Overflow7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

1.3%

top 20.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Google Chrome Google Chrome OS +2 more

Timeline

PublishedJan 14

Latest updateMay 13

Description

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDgoogle/chrome< 8.0.552.237

▶NVDgoogle/chrome_os< 8.0.552.344

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

Also affects: Debian Linux 6.0, Ubuntu Linux 10.04, 10.10, 8.04, 9.10

Patches

Patch: code.google.com ↗Patch: codereview.chromium.org ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-9vjw-qpx7-3vwc: Multiple buffer overflows in vorbis_dec↗2022-05-13

▶

OSV

CVE-2011-0480: Multiple buffer overflows in vorbis_dec↗2011-01-14

▶

CVEList

CVE-2011-0480: Multiple buffer overflows in vorbis_dec↗2011-01-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft MPEG Layer-3 Audio - Stack Overflow (MS10-026) (Metasploit)↗2011-08-13

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2011-04-04

▶

Debian

CVE-2011-0480: ffmpeg - Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as us...↗2011

▶