FFmpeg contains an unspecified overflow condition in the 'matroska_parse_block' function in libavformat/matroskadec.c. With a specially crafted MKV file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

OSVDB is not currently aware of a solution for this vulnerability.

Upgrade to Google Chrome version 17.0.963.56 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2011-3019 (see also: NVD)
• Secunia Advisory ID: 48016 48059 48866
• Related OSVDB ID: 79283 79284 79285 79286 79288 79289 79290 79291 79292 79293 79294 79295
• Vendor Specific News/Changelog Entry: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
  http://security.gentoo.org/glsa/glsa-201202-01.xml
  http://www.srware.net/forum/viewtopic.php?f=18&t=3521
• Vendor Specific Advisory URL: https://code.google.com/p/chromium/issues/detail?id=110849

• scarybeasts - Google Chrome Security Team
• Mateusz Jurczyk - Google Security Team
• Gynvael Coldwind - Google Security Team