CVE-2017-5051
HIGHGoogle Chrome < 57.0.2987.98 - Remote Code Execution via FFmpeg Integer Overflow
Title source: llmDescription
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
Issue Tracking x_refsource_confirm
https://crbug.com/679641
Scores
CVSS v3
8.8
EPSS
0.0084
EPSS Percentile
53.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (2)
google/chrome
< 57.0.2987.75
n/a/Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
Published
Apr 25, 2017
Tracked Since
Feb 18, 2026