CVE-2015-1207 - Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote

CVE-2015-1207

Summary

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

References

Vulnerable Configurations

cpe:2.3:a:google:chrome:41.0.2251.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:41.0.2251.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 04-03-2019 - 19:21)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugs.chromium.org/p/chromium/issues/detail?id=444539 https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9
mlist	[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update

Last major update

04-03-2019 - 19:21

Published

06-06-2017 - 18:29

Last modified

04-03-2019 - 19:21