Description
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-5144
- https://code.google.com/p/chromium/issues/detail?id=161639
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16007
- http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html
- http://libav.org/releases/libav-0.7.7.changelog
- http://libav.org/releases/libav-0.8.5.changelog
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00073.html
- http://www.ubuntu.com/usn/USN-1705-1
Related vulnerabilities
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."