Home

CVE-2016-5199

Description

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.72

Associated Vulnerability

VulnerabilityOS Platform
Update for Google Chrome (54.0.2840.99)Windows
Update for Google Chrome x64 (54.0.2840.99)Windows
Updates for Google Chrome (66.0.3359.170)Windows
Updates for Google Chrome (x64) (66.0.3359.170)Windows
Updates for Google Chrome (66.0.3359.181)Windows
Updates for Google Chrome (x64) (66.0.3359.181)Windows
Updates for Google Chrome (67.0.3396.62)Windows
Updates for Google Chrome (x64) (67.0.3396.62)Windows
Updates for Google Chrome (67.0.3396.79)Windows
Updates for Google Chrome (x64) (67.0.3396.79)Windows
Updates for Google Chrome (67.0.3396.87)Windows
Updates for Google Chrome (x64) (67.0.3396.87)Windows
Google Chrome (67.0.3396.99)Windows
Google Chrome (x64) (67.0.3396.99)Windows
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome (x64) 54.0.2840.98Windows
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome (x64) 54.0.2840.100Windows
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.98Windows
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.100Windows
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Google Chrome for Mac 54.0.2840.100Mac
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Update for Google Chrome For Mac (54.0.2840.98)Mac
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Google Chrome for Mac 54.0.2840.99Mac
Web browser engine for Qt (QML plugin) (USN-3133-1) liboxideqtcore0_1.18.5-0ubuntu0.14.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3133-1) liboxideqtcore0_1.18.5-0ubuntu0.14.04.1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-3133-1) liboxideqtcore0_1.18.5-0ubuntu0.16.04.1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-3133-1) liboxideqtcore0_1.18.5-0ubuntu0.16.04.1_amd64.debLinux
Update for Google Chrome (54.0.2840.99) (For Ubuntu)Linux
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)Linux
Update for Google Chrome (54.0.2840.99) (For Debian)Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)Linux
Google Chrome (67.0.3396.99) (For Debian)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.98 (For Debian)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.100 (For Debian)Linux
Update for Google Chrome (54.0.2840.99) (For Centos)Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)Linux
Google Chrome (67.0.3396.99) (For Centos)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.98 (For Centos)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.100 (For Centos)Linux
Update for Google Chrome (54.0.2840.99) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)Linux
Google Chrome (67.0.3396.99) (For RedHat)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.98 (For RedHat)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.100 (For RedHat)Linux
Update for Google Chrome (54.0.2840.99) (For Suse)Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)Linux
Google Chrome (67.0.3396.99) (For Suse)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.98 (For Suse)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.100 (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)Linux
Google Chrome (67.0.3396.99) (For Ubuntu)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.98 (For Ubuntu)Linux
Vulnerabilities CVE-2016-5199,CVE-2016-5200,CVE-2016-5201,CVE-2016-5202 are fixed in Chrome 54.0.2840.100 (For Ubuntu)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-304304Update for Google Chrome (54.0.2840.99)
PATCH-304305Update for Google Chrome x64 (54.0.2840.99)
PATCH-307513Updates for Google Chrome (66.0.3359.170)
PATCH-307515Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534Updates for Google Chrome (66.0.3359.181)
PATCH-307535Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607Updates for Google Chrome (67.0.3396.62)
PATCH-307608Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641Updates for Google Chrome (67.0.3396.79)
PATCH-307644Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660Updates for Google Chrome (67.0.3396.87)
PATCH-307662Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715Google Chrome (67.0.3396.99)
PATCH-307716Google Chrome (x64) (67.0.3396.99)
PATCH-313162Google Chrome (x64) (80.0.3987.132)
PATCH-313162Google Chrome (x64) (80.0.3987.132)
PATCH-313161Google Chrome (80.0.3987.132)
PATCH-313161Google Chrome (80.0.3987.132)
PATCH-611995Google Chrome for Mac (140.0.7339.132 , 140.0.7339.133)
PATCH-609673Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)
PATCH-611995Google Chrome for Mac (140.0.7339.132 , 140.0.7339.133)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234