CVE-2017-5049
HIGHGoogle Chrome < 57.0.2987.98 - Integer Overflow in FFmpeg ChunkDemuxer
Title source: llmDescription
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
Issue Tracking x_refsource_confirm
https://crbug.com/679646
Scores
CVSS v3
8.8
EPSS
0.0085
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (2)
google/chrome
< 57.0.2987.75
n/a/Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
Published
Apr 25, 2017
Tracked Since
Feb 18, 2026