CVE-2016-10191

CRITICAL

Ffmpeg < 2.8.9 - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

Exploits (1)

nomisec STUB

by KaviDk · poc

https://github.com/KaviDk/Heap-Over-Flow-with-CVE-2016-10191

View Code ZIP pw:eip

References (6)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/01/31/12

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/02/02/1

[Release Notes, Vendor Advisory] https://ffmpeg.org/security.html

[Patch] https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7

[Mailing List] https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95989

Scores

CVSS v3 9.8

EPSS 0.0866

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (14)

ffmpeg/ffmpeg 3.0

ffmpeg/ffmpeg 3.0.1

ffmpeg/ffmpeg 3.0.2

ffmpeg/ffmpeg 3.0.3

ffmpeg/ffmpeg 3.0.4

ffmpeg/ffmpeg 3.1

ffmpeg/ffmpeg 3.1.1

ffmpeg/ffmpeg 3.1.2

ffmpeg/ffmpeg 3.1.3

ffmpeg/ffmpeg 3.1.4

... and 4 more

Published Feb 09, 2017

Tracked Since Feb 18, 2026