Your submission was sent successfully! Close

CVE-2015-1206

Published: 06 October 2017

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream
Released (40.0.2214.91)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (40.0.2214.94-0ubuntu1.1120)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (40.0.2214.94-0ubuntu1.1120)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [40.0.2214.94-0ubuntu0.14.04.1.1068])
ffmpeg
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.6)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.6)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

gst-libav1.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(compiled with `--with-system-libav`)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(compiled with `--with-system-libav`)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [compiled with `--with-system-libav`])
mythtv
Launchpad, Ubuntu, Debian
Upstream
Released (mythtv-0.28.0+fixes.20160413.15cf421)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(FFmpeg version 3.2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(FFmpeg version 3.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
oxide-qt
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(Ubuntu touch end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [Ubuntu touch end-of-life])
vlc
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])