CVE-2015-1258 — Google Chrome vulnerability

CWE-1899 documents8 sources

Severity

7.5HIGHNVD

EPSS

2.1%

top 15.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webmproject Libvpx Google Chrome Debian Linux

Timeline

PublishedMay 20

Latest updateMay 17

Description

Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome42.0.2311.152

▶Debianwebmproject/libvpx< 1.4.0-4+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-mwxh-q8vv-r69f: Google Chrome before 43↗2022-05-17

▶

CVEList

CVE-2015-1258: Google Chrome before 43↗2015-05-20

▶

OSV

CVE-2015-1258: Google Chrome before 43↗2015-05-20

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-05-21

▶

Red Hat

chromium-browser: Negative-size parameter in Libvpx.↗2015-05-19

▶

Debian

CVE-2015-1258: libvpx - Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with ...↗2015

▶

💬Community

Bugzilla

CVE-2015-1258 libvpx: chromium-browser: Negative-size parameter in Libvpx. [fedora-all]↗2015-05-28

▶

Bugzilla

CVE-2015-1258 chromium-browser: Negative-size parameter in Libvpx.↗2015-05-20

▶