Denial of Service Vulnerability in Google Chrome's libvpx Code

Denial of Service Vulnerability in Google Chrome's libvpx Code

CVE-2015-1258 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.

Learn more about our Cis Benchmark Audit For Google Chrome.