CVE-2011-0480
https://notcve.org/view.php?id=CVE-2011-0480
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. Múltiples desbordamientos de búfer en el decodificador Vorbis en Google Chrome antes de v8.0.552.237 y Chrome OS antes de v8.0.552.344 permiten a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550 http://code.google.com/p/chromium/issues/detail?id=68115 http://codereview.chromium.org/5964011 http://codereview.chromium.org/6069005 http://ffmpeg.mplayerhq.hu http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html http://osvdb.org/70463 http://roundup.ffmpeg. • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2011-0477
https://notcve.org/view.php?id=CVE-2011-0477
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors. Google Chrome antes de v8.0.552.237 y Chrome OS antes de v8.0.552.344 no controla correctamente una discordancia en los tamaños de fotograma de vídeo, lo que permite a atacantes remotos provocar una denegación de servicio (por acceso a memoria incorrecto) o posiblemente tener un impacto no especificado a través de vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=67303 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html http://osvdb.org/70460 http://secunia.com/advisories/42951 http://www.securityfocus.com/bid/45788 http://www.srware.net/forum/viewtopic.php?f=18&t=2054 https://exchange.xforce.ibmcloud.com/vulnerabilities/64668 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14390 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0476
https://notcve.org/view.php?id=CVE-2011-0476
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error. Google Chrome antes de v8.0.552.237 y Chrome OS antes de v8.0.552.344 permiten a atacantes remotos provocar una denegación de servicio (por corrupción de memoria de pila) o posiblemente tener un impacto no especificado a través de un documento PDF que provoca un error de falta de memoria. • http://code.google.com/p/chromium/issues/detail?id=67208 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html http://osvdb.org/70459 http://secunia.com/advisories/42951 http://www.securityfocus.com/bid/45788 http://www.srware.net/forum/viewtopic.php?f=18&t=2054 https://exchange.xforce.ibmcloud.com/vulnerabilities/64667 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0485
https://notcve.org/view.php?id=CVE-2011-0485
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer." Google Chrome antes de v8.0.552.237 y Chrome OS antes de v8.0.552.344 no manejan correctamente datos de voz, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados que provocan punteros bloqueados. • http://code.google.com/p/chromium/issues/detail?id=68666 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html http://osvdb.org/70468 http://secunia.com/advisories/42951 http://www.securityfocus.com/bid/45788 http://www.srware.net/forum/viewtopic.php?f=18&t=2054 https://exchange.xforce.ibmcloud.com/vulnerabilities/64676 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14381 • CWE-20: Improper Input Validation •
CVE-2011-0479
https://notcve.org/view.php?id=CVE-2011-0479
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. Google Chrome antes de v8.0.552.237 y Chrome OS antes de v8.0.552.344 no interactuan correctamente con las extensiones, lo que permite provocar a atacantes remotos una denegación de servicio a través de una extensión debidamente modificada que genera un puntero no inicializado. • http://code.google.com/p/chromium/issues/detail?id=67393 http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html http://osvdb.org/70462 http://secunia.com/advisories/42951 http://www.securityfocus.com/bid/45788 http://www.srware.net/forum/viewtopic.php?f=18&t=2054 https://exchange.xforce.ibmcloud.com/vulnerabilities/64670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14746 • CWE-824: Access of Uninitialized Pointer •