CVE-2011-3893 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents4 sources

Severity

6.8MEDIUMNVD

NVD5.0OSV5.0

EPSS

2.2%

top 15.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Google Chrome Debian Ffmpeg

Timeline

PublishedNov 11

Latest updateMay 17

Description

Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDgoogle/chrome< 15.0.874.120

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDffmpeg/ffmpeg0.9+13

🔴Vulnerability Details

GHSA

GHSA-fcgq-p3x8-962w: The render_line function in the vorbis codec (vorbis↗2022-05-17

▶

GHSA

GHSA-3fv3-gc7v-qvm8: Google Chrome before 15↗2022-05-13

▶

OSV

CVE-2012-0859: The render_line function in the vorbis codec (vorbis↗2012-08-20

▶

OSV

CVE-2011-3893: Google Chrome before 15↗2011-11-11

▶

📋Vendor Advisories

Debian

CVE-2012-0859: ffmpeg - The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg ...↗2012

▶

Debian

CVE-2011-3893: ffmpeg - Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis...↗2011

▶