Description
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugs.chromium.org/p/chromium/issues/detail?id=453979
Various Sources x_refsource_confirm
https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9
Issue Tracking x_refsource_confirm
https://bugs.chromium.org/p/chromium/issues/detail?id=444522
Scores
CVSS v3
5.5
EPSS
0.0072
EPSS Percentile
49.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (1)
google/chrome
< 41.0.2251.0
Published
Oct 06, 2017
Tracked Since
Feb 18, 2026