CVE-2025-3619: Heap buffer overflow in Codecs in Google Chrome on Windows (17-04-2025)

Preface: OpenH264 is a free software library for real-time encoding and decoding of video streams in the H.264/MPEG-4 AVC format.

Background: Google Drive lets you upload and preview several video types, such as MP4, WMV, FLV, AVI, H.264, MPEG4 and VP8, to mention a few.

Ref: OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non-Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage.

Vulnerability details: Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
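
Patch triage for the fixed build named above, as an added example that is not part of the original advisory or any Google tooling: it sorts an asset inventory into vulnerable, patched, out-of-scope and unknown hosts relative to 135.0.7049.95. The inventory layout, host names and all versions other than the fixed build are constructed for illustration.

```python
import re

# First fixed Chrome build on Windows, taken from the advisory text above.
FIXED = (135, 0, 7049, 95)

# Constructed sample inventory rows: (hostname, OS, reported Chrome version).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "135.0.7049.95"),
    ("ws-002", "Windows", "135.0.7049.84"),
    ("ws-003", "Windows", "135.0.7049.115"),  # "115" sorts before "95" as a string
    ("ws-004", "Windows", "134.0.6998.178"),
    ("mac-01", "macOS", "135.0.7049.84"),
    ("ws-005", "Windows", "unknown"),
]

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted four-part version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def triage(inventory, fixed=FIXED):
    """Bucket hosts by comparing versions numerically, component by component."""
    result = {"vulnerable": [], "patched": [], "out_of_scope": [], "unknown": []}
    for host, os_name, version in inventory:
        if os_name.lower() != "windows":
            # The CVE description quoted above covers Chrome on Windows only.
            result["out_of_scope"].append(host)
            continue
        parsed = parse_version(version)
        if parsed is None:
            # Unparseable data is surfaced for follow-up, never assumed patched.
            result["unknown"].append(host)
        elif parsed < fixed:
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Comparing the versions as integer tuples matters here: a plain string comparison would rank 135.0.7049.115 below 135.0.7049.95 and misreport a patched host as vulnerable.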

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-3619
