CVE-2015-8479 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 65.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 6

Latest updateMay 17

Description

Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome46.0.2490.86

🔴Vulnerability Details

GHSA

GHSA-f37m-mqw6-rqv5: Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device↗2022-05-17

▶

OSV

CVE-2015-8479: Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device↗2015-12-06

▶

📋Vendor Advisories

Red Hat

chromium-browser: Various fixes from internal audits↗2015-12-01

▶

💬Community

Bugzilla

CVE-2015-6787 CVE-2015-8479 CVE-2015-8480 chromium-browser: Various fixes from internal audits↗2015-12-02

▶