Vulnerability Details : CVE-2016-5199
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2016-5199
Probability of exploitation activity in the next 30 days: 1.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-5199
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
|
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-5199
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5199
-
https://crbug.com/643948
643948 - Security: chrome_child!mov_read_keys - Heap corruption as a result of an off-by-1 zero allocation - chromium - Monorail
-
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
Chrome Releases: Stable Channel Update for Desktop
-
http://rhn.redhat.com/errata/RHSA-2016-2718.html
RHSA-2016:2718 - Security Advisory - Red Hat Customer Portal
-
http://www.securitytracker.com/id/1037273
Google Chrome Flaws Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTracker
-
http://www.securityfocus.com/bid/94196
Google Chrome Multiple Security Vulnerabilities
-
https://security.gentoo.org/glsa/201611-16
Chromium: Multiple vulnerabilities (GLSA 201611-16) — Gentoo security
Products affected by CVE-2016-5199
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*