CVE-2016-10192

Critical

Description

Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.

References

https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156

https://ffmpeg.org/security.html

http://www.securityfocus.com/bid/95991

http://www.openwall.com/lists/oss-security/2017/02/02/1

http://www.openwall.com/lists/oss-security/2017/01/31/12

Details

Source: Mitre, NVD

Published: 2017-02-09

Updated: 2017-02-24

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical