{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-09T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "95991", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95991"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}, {"name": "[oss-security] 20170201 CVE Request: ffmpeg remote exploitaion results code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/01/31/12"}, {"name": "[oss-security] 20170202 Re: CVE Request: ffmpeg remote exploitaion results code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/02/02/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://ffmpeg.org/security.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10192", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "95991", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95991"}, {"name": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}, {"name": "[oss-security] 20170201 CVE Request: ffmpeg remote exploitaion results code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/31/12"}, {"name": "[oss-security] 20170202 Re: CVE Request: ffmpeg remote exploitaion results code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/02/02/1"}, {"name": "https://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "https://ffmpeg.org/security.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:14:42.542Z"}, "title": "CVE Program Container", "references": [{"name": "95991", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95991"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}, {"name": "[oss-security] 20170201 CVE Request: ffmpeg remote exploitaion results code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/01/31/12"}, {"name": "[oss-security] 20170202 Re: CVE Request: ffmpeg remote exploitaion results code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/02/02/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://ffmpeg.org/security.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10192", "datePublished": "2017-02-09T15:00:00", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2024-08-06T03:14:42.542Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB8F94CB-75BE-4D48-A4A6-4CE03A3D60B7", "versionEndIncluding": "2.8.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6E85AA0-559E-4EC5-AF61-100732EF0643", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E86E3C4-946B-4E89-B0C1-010046D8D478", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "94E316AE-DF67-40B7-99CE-CE30BFECC4C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "368CB50E-729C-4CA3-A6E4-67A277354255", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "10FD1F85-27FB-4E8B-A2D0-529A048701C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A730657-04E4-4802-8336-DB067AF00C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "77E8C6C8-4849-4475-8271-CAD3ECE761CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59A336FF-56BE-4B09-827E-887FCF0A018B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6FB6CF6-F80E-4570-8790-F43D2F035A07", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "95D2E370-7B0E-451F-9802-D4C272C4902E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A040488F-32AA-4451-B922-45B17D2AEA90", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "21F765CB-B78E-42A3-BB22-D9FC515694B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F5DFEAF5-8003-4EDB-B2B3-9022052939C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en ffserver.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario aprovechando el fallo para comprobar el tama\u00f1o del fragmento."}], "id": "CVE-2016-10192", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-09T15:59:00.753", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/31/12"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/02/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95991"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://ffmpeg.org/security.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/01/31/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95991"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://ffmpeg.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}