CVE-2012-5144 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

3.5%

top 12.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Canonical Ubuntu Linux Libav +2 more

Timeline

PublishedDec 12

Latest updateMay 14

Description

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDgoogle/chrome23.0.1271.96+67

▶NVDlibav/libav12 versions+11

▶debiandebian/ffmpeg

▶NVDopensuse/opensuse12.1, 12.2+1

Also affects: Ubuntu Linux 11.10, 12.04, 12.10

🔴Vulnerability Details

GHSA

GHSA-6c83-9pcg-77c5: Google Chrome before 23↗2022-05-14

▶

📋Vendor Advisories

Ubuntu

Libav vulnerabilities↗2013-01-28

▶

Debian

CVE-2012-5144: ffmpeg - Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before...↗2012

▶