Heap Corruption Vulnerability in FFmpeg Component of Google Chrome
CVE-2017-5025

5.5MEDIUM

Key Information:

Vendor
Google
Status
Google Chrome Prior To 56.0.2924.76 For Linux, Windows And Mac
Vendor
CVE Published:
17 February 2017

Summary

A vulnerability exists in the FFmpeg component of Google Chrome, affecting specific versions across Linux, Windows, and Mac platforms. This security flaw is rooted in failure to properly check memory bounds, allowing a remote attacker to potentially exploit heap corruption when a user opens a specially crafted video file. This issue underscores the importance of keeping browser software up to date to mitigate risks associated with file handling vulnerabilities.

Affected Version(s)

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac

References

http://www.securityfocus.com/bid/95792
vdb-entryx_refsource_BID
https://crbug.com/643950
x_refsource_CONFIRM
https://chromereleases.googleblog.com/2017/01/stable-chan...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.