CVE-2015-8480
Google Chrome < 46.0.2490.86 - Use-After-Free in VideoFramePool
Title source: llmDescription
The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=514759
Scores
EPSS
0.0135
EPSS Percentile
68.1%
Details
CWE
CWE-119
Status
published
Products (1)
google/chrome
< 46.0.2490.86
Published
Dec 06, 2015
Tracked Since
Feb 18, 2026