PT-2011-2379 · Google+1 · Google Chrome+2
Published
2011-01-14
·
Updated
2020-07-24
·
CVE-2011-0480
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FFmpeg versions used in Google Chrome before 8.0.552.237
Google Chrome before 8.0.552.237
Chrome OS before 8.0.552.344
Description
The issue is related to multiple buffer overflows in the Vorbis decoder, specifically in the vorbis dec.c file. This can be exploited by remote attackers using a crafted WebM file, potentially leading to a denial of service through memory corruption and application crash. The buffer overflows are related to buffers for the channel floor and the channel residue.
Recommendations
For Google Chrome before 8.0.552.237, update to version 8.0.552.237 or later to resolve the issue.
For Chrome OS before 8.0.552.344, update to version 8.0.552.344 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of crafted WebM files until the issue is resolved.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chrome Os
Ffmpeg
Google Chrome