Integer Overflow Vulnerability in FFmpeg Component of Google Chrome
CVE-2017-5050

8.8HIGH

Key Information:

Vendor
Google
Status
Google Chrome Prior To 57.0.2987.98 For Mac, Windows And Linux, And 57.0.2987.108 For Android
Vendor
CVE Published:
25 April 2017

Summary

The vulnerability involves an integer overflow in the FFmpeg library utilized by Google Chrome, which can be exploited by remote attackers. By crafting a malicious video file, an attacker could trigger an out of bounds memory write on affected systems, potentially leading to arbitrary code execution. This issue impacts various platforms, including Mac, Windows, Linux, and Android versions of Google Chrome prior to specified builds.

Affected Version(s)

Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android

References

https://chromereleases.googleblog.com/2017/03/stable-chan...
x_refsource_CONFIRM
https://crbug.com/679645
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.