Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3157

Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.

Related bugs and status

CVE-2014-3157 (Candidate) is related to these bugs:

Bug #1331375: Update Chromium to >= 36.0.1985.125 (including security fixes)

Summary				In	Importance	Status
	1331375	Update Chromium to >= 36.0.1985.125 (including security fixes)		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
BID: 67972
SECUNIA: 58585
SECUNIA: 59090
GENTOO: GLSA-201408-16
SECUNIA: 60372
SECUNIA: 60061
CONFIRM: https://src.chromium.o...
DEBIAN: DSA-2959