CVE-2015-1258

Description

Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.

How to fix CVE-2015-1258

To remediate CVE-2015-1258, upgrade the affected package to a fixed version below.

• Debian/libvpx—upgrade to 1.4.0-4 or later

Is CVE-2015-1258 being exploited?

Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.4.0-4

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-1258