Lucene search

ChromeCVE-2015-1207

HistoryJun 06, 2017 - 6:29 p.m.

CVE-2015-1207

2017-06-0618:29:00

CWE-415

Chrome

web.nvd.nist.gov

cve-2015-1207

double-free vulnerability

libavformat

mov.c

ffmpeg

google chrome

denial of service

memory corruption

crash

.m4a file

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

76.7%

JSON

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

Affected configurations

Nvd

Node

googlechromeMatch41.0.2251.0

Node

debiandebian_linuxMatch8.0

VendorProductVersionCPE
googlechrome41.0.2251.0cpe:2.3:a:google:chrome:41.0.2251.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*