Integer Overflow in FFmpeg Affects Google Chrome for Multiple Platforms
CVE-2017-5037

7.8HIGH

Key Information:

Vendor

Google
Status
Google Chrome Prior To 57.0.2987.98 For Mac, Windows And Linux, And 57.0.2987.108 For Android
Vendor
CVE Published:
24 April 2017

What is CVE-2017-5037?

A vulnerability exists in FFmpeg within Google Chrome that can lead to an integer overflow. This flaw allows remote attackers to exploit crafted video files for an out of bounds memory write. It particularly relates to the ChunkDemuxer component and affects various versions of Google Chrome across multiple platforms, including Mac, Windows, Linux, and Android. Users are encouraged to update their browsers to mitigate risks associated with this security issue.

Affected Version(s)

Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android

References

https://chromereleases.googleblog.com/2017/03/stable-chan...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201704-02
vendor-advisoryx_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3810
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.