Vulnerability Details : CVE-2014-7937
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2014-7937
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7937
2.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7937
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-7937
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7937
-
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
[security-announce] openSUSE-SU-2015:0441-1: important: Security update
-
https://security.gentoo.org/glsa/201603-06
FFmpeg: Multiple vulnerabilities (GLSA 201603-06) — Gentoo security
-
https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92
d4608b7c83f56b17f14fdd94990341f62bb52f92 - chromium/third_party/ffmpeg - Git at Google
-
http://secunia.com/advisories/62665
Sign in
-
http://www.securitytracker.com/id/1031623
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service - SecurityTracker
-
http://www.securityfocus.com/bid/72288
Google Chrome 40.0.2214.91 Multiple Security Vulnerabilities
-
http://www.ubuntu.com/usn/USN-2476-1
USN-2476-1: Oxide vulnerabilities | Ubuntu security notices
-
http://rhn.redhat.com/errata/RHSA-2015-0093.html
RHSA-2015:0093 - Security Advisory - Red Hat Customer Portal
-
https://code.google.com/p/chromium/issues/detail?id=419060
419060 - Heap-use-after-free in vorbis_decode_frame - chromium - Monorail
-
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
Chrome Releases: Stable Channel Update
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
git.videolan.org Git - ffmpeg.git/commitPatch
-
http://secunia.com/advisories/62383
Sign in
-
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c50704ebf1777bee76772c4835d9760b3721057
git.videolan.org Git
-
http://security.gentoo.org/glsa/glsa-201502-13.xml
Chromium: Multiple vulnerabilities (GLSA 201502-13) — Gentoo security
-
http://secunia.com/advisories/62575
Sign in
Jump to