CVE-2016-10190

CRITICAL

Ffmpeg < 2.8.9 - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

Exploits (1)

nomisec WORKING POC 2 stars

by muzalam · poc

https://github.com/muzalam/FFMPEG-exploit

View Code ZIP pw:eip

References (7)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/01/31/12

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/02/02/1

[Release Notes, Vendor Advisory] https://ffmpeg.org/security.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html

[Various Sources] https://trac.ffmpeg.org/ticket/5992

[Patch] https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95986

Scores

CVSS v3 9.8

EPSS 0.1019

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (14)

ffmpeg/ffmpeg 3.0

ffmpeg/ffmpeg 3.0.1

ffmpeg/ffmpeg 3.0.2

ffmpeg/ffmpeg 3.0.3

ffmpeg/ffmpeg 3.0.4

ffmpeg/ffmpeg 3.1

ffmpeg/ffmpeg 3.1.1

ffmpeg/ffmpeg 3.1.2

ffmpeg/ffmpeg 3.1.3

ffmpeg/ffmpeg 3.1.4

... and 4 more

Published Feb 09, 2017

Tracked Since Feb 18, 2026