CVE-2015-1206 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 51.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedOct 6

Latest updateMay 17

Description

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDgoogle/chrome41.0.2251.0

🔴Vulnerability Details

GHSA

GHSA-68pp-qpjg-xvph: Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) v↗2022-05-17

▶

OSV

CVE-2015-1206: Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) v↗2017-10-06

▶