CVE-2016-10190

CRITICAL

FFmpeg < 2.8.10, 3.0.x < 3.0.5, 3.1.x < 3.1.6, 3.2.x < 3.2.2 - RCE via Negative Chunk Size

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10190. PoCs published by muzalam.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2016-10190, targeting a heap-based buffer overflow in FFmpeg. The exploit uses a crafted HTTP response with chunked encoding to trigger the vulnerability, followed by a ROP chain to achieve remote code execution via a reverse shell.

Description

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

Exploits (1)

nomisec WORKING POC 2 stars

by muzalam · poc

https://github.com/muzalam/FFMPEG-exploit

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2016-10190, targeting a heap-based buffer overflow in FFmpeg. The exploit uses a crafted HTTP response with chunked encoding to trigger the vulnerability, followed by a ROP chain to achieve remote code execution via a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: FFmpeg (version not explicitly specified, but likely older versions vulnerable to CVE-2016-10190)

No auth needed

Prerequisites: Network access to the target FFmpeg instance · FFmpeg configured to process malicious HTTP input

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7

Core References

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2017/01/31/12

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2017/02/02/1

Patch x_refsource_confirm

https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa

Various Sources x_refsource_confirm

https://trac.ffmpeg.org/ticket/5992

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95986

Release Notes, Vendor Advisory x_refsource_confirm

https://ffmpeg.org/security.html

Scores

CVSS v3 9.8

EPSS 0.0998

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (14)

ffmpeg/ffmpeg 3.0

ffmpeg/ffmpeg 3.0.1

ffmpeg/ffmpeg 3.0.2

ffmpeg/ffmpeg 3.0.3

ffmpeg/ffmpeg 3.0.4

ffmpeg/ffmpeg 3.1

ffmpeg/ffmpeg 3.1.1

ffmpeg/ffmpeg 3.1.2

ffmpeg/ffmpeg 3.1.3

ffmpeg/ffmpeg 3.1.4

... and 4 more

Published Feb 09, 2017

Tracked Since Feb 18, 2026