CVE-2015-8480

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 47.0.2526.73

Description The issue is related to the VideoFramePool::PoolImpl::CreateFrame function in Google Chrome, which does not initialize memory for a video-frame data structure. This might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3 h loop filter c function in libavcodec/vp3dsp.c in FFmpeg.

Recommendations For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. As a temporary workaround, consider restricting the use of the VideoFramePool::PoolImpl::CreateFrame function until a patch is available. Avoid using the vp3 h loop filter c function in the affected libavcodec/vp3dsp.c file until the issue is resolved.