CVE-2017-5024

🗓️ 17 Feb 2017 07:45:00Reported by ChromeType

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file

Reporter	Title	Published	Views	Family All 65
FreeBSD	ffmpeg -- heap overflow in lavf/mov.c	25 Jan 201700:00	–	freebsd
AlpineLinux	CVE-2017-5024	17 Feb 201707:45	–	alpinelinux
ArchLinux	[ASA-201701-33] chromium: multiple issues	27 Jan 201700:00	–	archlinux
ArchLinux	[ASA-201702-10] ffmpeg: arbitrary code execution	12 Feb 201700:00	–	archlinux
CNVD	Google Chrome FFmpeg Heap Overflow Code Execution Vulnerability (CNVD-2017-02110)	20 Feb 201700:00	–	cnvd
Cvelist	CVE-2017-5024	17 Feb 201707:45	–	cvelist
Debian	[SECURITY] [DSA 3776-1] chromium-browser security update	31 Jan 201701:24	–	debian
Debian	[SECURITY] [DSA 3776-1] chromium-browser security update	31 Jan 201701:24	–	debian
Debian CVE	CVE-2017-5024	17 Feb 201707:45	–	debiancve
Tenable Nessus	Debian DSA-3776-1 : chromium-browser - security update	31 Jan 201700:00	–	nessus

NVD

Node

google chromeRange≤55.0.2883.87

[
  {
    "product": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac"
      }
    ]
  }
]

Source	Link
debian	www.debian.org/security/2017/dsa-3776
chromereleases	www.chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
security	www.security.gentoo.org/glsa/201701-66
security	www.security.gentoo.org/glsa/201705-05
crbug	www.crbug.com/643951
rhn	www.rhn.redhat.com/errata/RHSA-2017-0206.html
securitytracker	www.securitytracker.com/id/1037718
securityfocus	www.securityfocus.com/bid/95792

13 May 2026 00:24Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 35.5

EPSS0.00202

CWE-119