CVE-2014-3157

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 35.0.1916.153

Description The issue is related to a heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function, located in media/filters/ffmpeg video decoder.cc. This overflow occurs when handling VideoFrame data structures that are too small for proper interaction with the underlying FFmpeg library. Exploitation of this issue allows remote attackers to cause a denial of service or possibly have other unspecified impacts on the system.

Recommendations For versions prior to 35.0.1916.153, update to version 35.0.1916.153 or later to resolve the issue. As a temporary workaround, consider restricting the use of the FFmpegVideoDecoder::GetVideoBuffer function until a patch is applied.