Search for vulnerabilities
Vulnerability details: VCID-44v4-hm12-aaac
Vulnerability ID VCID-44v4-hm12-aaac
Aliases CVE-2015-1258
Summary Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
generic_textual Medium http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1258.html
rhas Important https://access.redhat.com/errata/RHSA-2015:1023
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01334 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.01404 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02111 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.02413 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
epss 0.0257 https://api.first.org/data/v1/epss?cve=CVE-2015-1258
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1223266
generic_textual Low https://code.google.com/p/chromium/issues/detail?id=450939
generic_textual Low https://codereview.chromium.org/1106303002
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1251
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1252
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1253
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1254
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1255
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1256
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1257
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1259
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1260
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1262
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1263
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1264
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1265
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3910
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-1258
generic_textual Medium https://ubuntu.com/security/notices/USN-2610-1
Reference id Reference type URL
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1258.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1258.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1258
https://code.google.com/p/chromium/issues/detail?id=450939
https://codereview.chromium.org/1106303002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1259
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3910
https://security.gentoo.org/glsa/201506-04
https://ubuntu.com/security/notices/USN-2610-1
http://www.debian.org/security/2015/dsa-3267
http://www.securityfocus.com/bid/74723
http://www.securitytracker.com/id/1032375
1223266 https://bugzilla.redhat.com/show_bug.cgi?id=1223266
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2015-1258 https://nvd.nist.gov/vuln/detail/CVE-2015-1258
RHSA-2015:1023 https://access.redhat.com/errata/RHSA-2015:1023
USN-2610-1 https://usn.ubuntu.com/2610-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-1258
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.78942
EPSS Score 0.01334
Published At May 20, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.