CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
50.7%
The VideoFramePool::PoolImpl::CreateFrame function in
media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does
not initialize memory for a video-frame data structure, which might allow
remote attackers to cause a denial of service (out-of-bounds memory access)
or possibly have unspecified other impact by leveraging improper
interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in
FFmpeg.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 47.0.2526.73-0ubuntu0.14.04.1.1106 | UNKNOWN |
ubuntu | 15.04 | noarch | chromium-browser | < 47.0.2526.73-0ubuntu0.15.04.1.1190 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 47.0.2526.73-0ubuntu0.15.10.1.1215 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.11.3-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | oxide-qt | < 1.11.3-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | oxide-qt | < 1.11.3-0ubuntu0.15.10.1 | UNKNOWN |