Vulnerability CVE-2017-5051


Published: 2017-04-24   Modified: 2017-04-28

Description:
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

Vendor: Google
Product: Chrome 
Version: 57.0.2987.75; 57.0.2987.100;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://crbug.com/679641

Related CVE
CVE-2017-0828
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.
CVE-2017-0829
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.
CVE-2017-0827
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.
CVE-2017-0826
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.
CVE-2017-0823
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
CVE-2017-0824
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.
CVE-2017-0825
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.
CVE-2017-0822
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.

Copyright 2017, cxsecurity.com

 

Back to Top