CVE-2011-0480
Description
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflows in FFmpeg's Vorbis decoder allow remote code execution via crafted WebM files, affecting Chrome before version 8.0.552.237 and Chrome OS before version 8.0.552.344.
Vulnerability
Multiple buffer overflows exist in vorbis_dec.c within the Vorbis decoder of FFmpeg, as used in Google Chrome before version 8.0.552.237 and Chrome OS before 8.0.552.344. The overflows occur when processing specially crafted WebM files, specifically in buffers for the channel floor and channel residue data. The vulnerability is triggered by malformed Vorbis headers within the WebM container. [4]
Exploitation
An attacker can exploit this vulnerability by crafting a malicious WebM file containing oversized or malformed Vorbis header data for channel floor or residue. No authentication is required; the attacker only needs to deliver the file to a victim, who must open it in a vulnerable version of Chrome or Chrome OS (or any application using the affected FFmpeg library). The file can be hosted on a website or sent as an attachment.
Impact
Successful exploitation leads to memory corruption, which can cause a denial of service (application crash) or potentially allow arbitrary code execution with the privileges of the user running the browser. The impact is limited to the context of the browser process.
Mitigation
The vulnerability was fixed in Google Chrome version 8.0.552.237 and Chrome OS version 8.0.552.344, released on January 14, 2011. The fix is also included in the FFmpeg codebase via a patch that adds bounds checking to the Vorbis header parsing [4]. Users should update to the latest versions. No workaround is available for unpatched versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Buffer copy without checking size of input in vorbis_dec.c leads to overflow in channel floor and channel residue buffers."
Attack vector
An attacker crafts a malicious WebM file containing specially formed Vorbis audio data. When the Vorbis decoder in FFmpeg (as used in Chrome/Chrome OS) processes this file, it copies data into buffers for the channel floor and channel residue without verifying that the input size fits within the allocated buffer size [CWE-120]. This causes a buffer overflow, leading to memory corruption and a crash, and may potentially allow further exploitation. The attack is delivered remotely by luring a user to open the crafted WebM file.
Affected code
The vulnerability resides in `vorbis_dec.c` within the Vorbis decoder of FFmpeg. The bug involves insufficient bounds checking on buffers allocated for (1) the channel floor and (2) the channel residue when processing crafted WebM files.
What the fix does
The advisory does not include a specific patch diff. The recommended remediation is to upgrade FFmpeg (and downstream consumers such as Chrome/Chrome OS) to a version containing the fix. The Chrome advisory indicates that version 8.0.552.237 (Chrome) and 8.0.552.344 (Chrome OS) resolve the issue. No further details on the exact code change are provided in the available references.
Preconditions
- input: The victim must open a crafted WebM file using an affected version of FFmpeg or Chrome/Chrome OS.
- network: No authentication or special privileges are required; the attack is remote.
Reproduction
A public issue tracker reference is available at http://code.google.com/p/chromium/issues/detail?id=68115, but the bundle does not include reproduction steps or a PoC script. Therefore, no reproduction steps can be provided.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- codereview.chromium.org/5964011 (nvd: Patch, Vendor Advisory)
- code.google.com/p/chromium/issues/detail (nvd: Exploit, Issue Tracking, Patch, Vendor Advisory)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd: Issue Tracking, Third Party Advisory)
- codereview.chromium.org/6069005 (nvd: Vendor Advisory)
- ffmpeg.mplayerhq.hu (nvd: Third Party Advisory)
- googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html (nvd: Vendor Advisory)
- secunia.com/advisories/42951 (nvd: Third Party Advisory)
- www.debian.org/security/2011/dsa-2306 (nvd: Third Party Advisory)
- www.mandriva.com/security/advisories (nvd: Third Party Advisory)
- www.securityfocus.com/bid/45788 (nvd: Third Party Advisory, VDB Entry)
- www.srware.net/forum/viewtopic.php (nvd: Third Party Advisory)
- www.ubuntu.com/usn/usn-1104-1/ (nvd: Third Party Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/64671 (nvd: Third Party Advisory, VDB Entry)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380 (nvd: Third Party Advisory)
- article.gmane.org/gmane.comp.video.ffmpeg.devel/122703 (nvd: Broken Link)
- osvdb.org/70463 (nvd: Broken Link)
- roundup.ffmpeg.org/issue2548 (nvd: Broken Link)
- roundup.ffmpeg.org/issue2550 (nvd: Broken Link)
- src.chromium.org/viewvc/chrome (nvd: Broken Link)
- git.ffmpeg.org (nvd)