CVE-2014-3157 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

7.5HIGHNVD

OSV7.8

EPSS

2.9%

top 13.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJun 11

Latest updateMay 14

Description

Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome35.0.1916.152+103

🔴Vulnerability Details

GHSA

GHSA-xrpx-wqmr-pmxg: Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2014-07-23

▶

OSV

CVE-2014-3157: Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder↗2014-06-11

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2014-07-23

▶