Fluid Attacks Database

Description

Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libvpx	>=0 <1.4.0-4	1.4.0-4
debian 13	libvpx	>=0 <1.4.0-4	1.4.0-4
debian 14	libvpx	>=0 <1.4.0-4	1.4.0-4
debian 12	libvpx	>=0 <1.4.0-4	1.4.0-4
rpm rhel7	libvpx	-	-
rpm rhel6	libvpx	-	-

Aliases

1. CVE-2015-12582. NVD-2015-12583. OSV-DEBIAN-2015-12584. OSV-2015-12585. SECURITY-TRACKER-CVE-2015-1258

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.