Launchpad CVE tracker

CVE 2015-6761

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.

Related bugs and status

CVE-2015-6761 (Candidate) is related to these bugs:

Bug #1522411: Chromium in Ubuntu still to version 45.0.2454.101 not update to version 46.0.2490.71 as Debian Chromium present version.

Summary				In	Importance	Status
	1522411	Chromium in Ubuntu still to version 45.0.2454.101 not update to version 46.0.2490.71 as Debian Chromium present version.		chromium-browser (Ubuntu)	High	Fix Released

Bug #1523692: FFmpeg security fixes December 2015

Summary				In	Importance	Status
	1523692	FFmpeg security fixes December 2015		ffmpeg (Ubuntu)	Medium	Fix Released

Bug #1528682: FFmpeg security fixes December 2015 II

Summary				In	Importance	Status
	1528682	FFmpeg security fixes December 2015 II		ffmpeg (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-6761

References