OpenCVE

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Ffmpeg	Ffmpeg
Libav	Libav
Opensuse	Leap

Configuration 1 [-]

cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html
http://www.debian.org/security/2016/dsa-3603
https://bugzilla.libav.org/show_bug.cgi?id=929
https://ffmpeg.org/security.html
https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328
https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746
https://libav.org/releases/libav-11.7.changelog
https://security.gentoo.org/glsa/201705-08

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-06-16T18:00:00

Updated: 2024-08-05T23:40:15.226Z

Reserved: 2016-03-09T00:00:00

Link: CVE-2016-3062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-06-16T18:59:08.373

Modified: 2024-11-21T02:49:17.017

Link: CVE-2016-3062

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-25T00:00:00", "descriptions": [{"lang": "en", "value": "The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2016:1685", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"}, {"name": "GLSA-201705-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201705-08"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328"}, {"name": "DSA-3603", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3603"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=929"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://libav.org/releases/libav-11.7.changelog"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://ffmpeg.org/security.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:1685", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"}, {"name": "GLSA-201705-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201705-08"}, {"name": "https://git.libav.org/?p=libav.git;a=commit;h=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328", "refsource": "CONFIRM", "url": "https://git.libav.org/?p=libav.git;a=commit;h=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328"}, {"name": "DSA-3603", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3603"}, {"name": "https://bugzilla.libav.org/show_bug.cgi?id=929", "refsource": "CONFIRM", "url": "https://bugzilla.libav.org/show_bug.cgi?id=929"}, {"name": "https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746", "refsource": "CONFIRM", "url": "https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746"}, {"name": "https://libav.org/releases/libav-11.7.changelog", "refsource": "CONFIRM", "url": "https://libav.org/releases/libav-11.7.changelog"}, {"name": "https://ffmpeg.org/security.html", "refsource": "CONFIRM", "url": "https://ffmpeg.org/security.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:40:15.226Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2016:1685", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"}, {"name": "GLSA-201705-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201705-08"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328"}, {"name": "DSA-3603", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3603"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=929"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://libav.org/releases/libav-11.7.changelog"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://ffmpeg.org/security.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3062", "datePublished": "2016-06-16T18:00:00", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2024-08-05T23:40:15.226Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C87D33-61F9-4668-B6F7-EAC88169C48A", "versionEndIncluding": "11.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E92A173-3346-4B06-96CD-B0D06AE0A359", "versionEndIncluding": "0.10.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "A35AC9E8-6666-4AB2-91B7-B77DF2DF48B9", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file."}, {"lang": "es", "value": "La funci\u00f3n mov_read_dref en libavformat/mov.c en Libav en versiones anteriores a 11.7 y FFmpeg en versiones anteriores a 0.11 permite a atacantes remotos provocar una denegaci\u00f3n de srevicio (corrupci\u00f3n de memoria) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de valores de entrada en una caja dref en un archivo MP4."}], "id": "CVE-2016-3062", "lastModified": "2024-11-21T02:49:17.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-16T18:59:08.373", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3603"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=929"}, {"source": "cve@mitre.org", "url": "https://ffmpeg.org/security.html"}, {"source": "cve@mitre.org", "url": "https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://libav.org/releases/libav-11.7.changelog"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201705-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3603"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.libav.org/show_bug.cgi?id=929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ffmpeg.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://libav.org/releases/libav-11.7.changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201705-08"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}