FILE-MULTIMEDIA Apple QuickTime movie file keys atom integer overflow attempt
CVSS base score 8.8
CVSS impact score 5.9
CVSS exploitability score 2.8
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
CVE-2016-5199: An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
- google chrome 54.0.2840.87
Ease of attack
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.