QwikSec

Security Database

CVE

CWE

Training

CVE-2014-7937

Published: Jan 22, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

https://code.google.com/p/chromium/issues/detail?id=419060

x_refsource_CONFIRM

http://googlechromereleases.blogspot.com/2015/01/stable-update.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/d4608b7c83f56b17f14fdd94990341f62bb52f92

x_refsource_CONFIRM

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=8c50704ebf1777bee76772c4835d9760b3721057

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_SECTRACK

openSUSE-SU-2015:0441

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.