Vulnerability Description
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 54.0.2840.87 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2718.html
- http://www.securityfocus.com/bid/94196
- http://www.securitytracker.com/id/1037273
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_
- https://crbug.com/643948
- https://security.gentoo.org/glsa/201611-16
- http://rhn.redhat.com/errata/RHSA-2016-2718.html
- http://www.securityfocus.com/bid/94196
- http://www.securitytracker.com/id/1037273
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_
- https://crbug.com/643948
- https://security.gentoo.org/glsa/201611-16
FAQ
What is CVE-2016-5199?
CVE-2016-5199 is a vulnerability with a CVSS score of 8.8 (HIGH). An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for An...
How severe is CVE-2016-5199?
CVE-2016-5199 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5199?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.