6.5

CVE-2015-1207

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version41.0.2251.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.84% 0.53
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html
https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9
https://bugs.chromium.org/p/chromium/issues/detail?id=444539