CVE-2014-7937 (retired)

Priority
Description
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before
2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers
to cause a denial of service (use-after-free) or possibly have unspecified
other impact via crafted Vorbis I data.
Notes
 mdeslaur> as of 2015-05-08, no equivalent fix in libav
Package
Upstream: released (40.0.2214.91)
Ubuntu 14.04 LTS (Trusty Tahr): released (40.0.2214.94-0ubuntu0.14.04.1.1068)
Ubuntu 16.04 LTS (Xenial Xerus): released (40.0.2214.94-0ubuntu1.1120)
Package
Source: libav (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Upstream: released (1.4.2)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.4.2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.4.2-0ubuntu1)
More Information

Updated: 2019-03-26 12:13:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)