Vulnerability Description
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 35.0.1916.152 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html
- http://secunia.com/advisories/58585
- http://secunia.com/advisories/59090
- http://secunia.com/advisories/60061
- http://secunia.com/advisories/60372
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2959
- http://www.securityfocus.com/bid/67972
- https://code.google.com/p/chromium/issues/detail?id=368980
- https://src.chromium.org/viewvc/chrome?revision=268831&view=revision
- http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html
- http://secunia.com/advisories/58585
- http://secunia.com/advisories/59090
- http://secunia.com/advisories/60061
- http://secunia.com/advisories/60372
FAQ
What is CVE-2014-3157?
CVE-2014-3157 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial o...
How severe is CVE-2014-3157?
CVE-2014-3157 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3157?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.