CVE-2016-10191

CRITICAL

FFmpeg < 2.8.10, 3.0.x < 3.0.5, 3.1.x < 3.1.6, 3.2.x < 3.2.2 - Remote Code Execution via RTMP Packet Size Mismatch


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10191. PoCs published by KaviDk.

AI-analyzed exploit summary: The repository contains only a README file with minimal information about CVE-2016-10191, lacking any functional exploit code or technical details. It appears to be a placeholder or incomplete research report.

Description

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

Exploits (1)

nomisec STUB
by KaviDk · poc
https://github.com/KaviDk/Heap-Over-Flow-with-CVE-2016-10191


Classification: Stub 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95989
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/01/31/12
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/02/02/1
Release Notes, Vendor Advisory x_refsource_confirm
https://ffmpeg.org/security.html

Scores

CVSS v3 9.8
EPSS 0.0590
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (14)
ffmpeg/ffmpeg 3.0
ffmpeg/ffmpeg 3.0.1
ffmpeg/ffmpeg 3.0.2
ffmpeg/ffmpeg 3.0.3
ffmpeg/ffmpeg 3.0.4
ffmpeg/ffmpeg 3.1
ffmpeg/ffmpeg 3.1.1
ffmpeg/ffmpeg 3.1.2
ffmpeg/ffmpeg 3.1.3
ffmpeg/ffmpeg 3.1.4
... and 4 more
Published Feb 09, 2017
Tracked Since Feb 18, 2026