CVE-2015-1258

2015-05-20 12:59:10 2017-01-03 03:59:47

Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Debian Linux 8.0 (Jessie)

Google Chrome 42.0.2311.152

Google - Chrome Debian - Debian linux

Advisory	Patch	Confirmed	Link
			DSA-3267
			openSUSE-SU-2015:1877
			FEDORA-2015-15936
			https://code.google.com/p/chromium/issues/detail?id=4509...
			74723
			1032375
			openSUSE-SU-2015:0969
			FEDORA-2015-15935
			FEDORA-2015-15934
			http://googlechromereleases.blogspot.com/2015/05/stable-...
			https://codereview.chromium.org/1106303002
			GLSA-201506-04

CVE-2015-1258

2015-05-20 12:59:10 2017-01-03 03:59:47

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)