High severity8.8NVD Advisory· Published Jan 30, 2018· Updated Jun 17, 2026
CVE-2018-6406
CVE-2018-6406
Description
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.
Affected products
6- osv-coords5 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2pkg:rpm/suse/re2&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/re2&distro=SUSE%20Package%20Hub%2012%20SP2
< 93.0.4577.82-1.1+ 4 more
- (no CPE)range: < 93.0.4577.82-1.1
- (no CPE)range: < 64.0.3282.140-49.1
- (no CPE)range: < 64.0.3282.140-49.1
- (no CPE)range: < 20180201-8.1
- (no CPE)range: < 20180201-8.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.