{"id":"CVE-2016-10191","details":"Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.","modified":"2026-04-16T01:38:59.540257472Z","published":"2017-02-09T15:59:00.723Z","related":["openSUSE-SU-2017:1531-1","openSUSE-SU-2017:1532-1","openSUSE-SU-2024:10754-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/95989"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"},{"type":"ADVISORY","url":"https://ffmpeg.org/security.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"7d57ca4d9a75562fa32e40766211de150f8b3ee7"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"length":2522,"function_hash":"92274830764906640701542815214003964729"},"target":{"file":"libavformat/rtmppkt.c","function":"rtmp_packet_read_one_chunk"},"signature_type":"Function","id":"CVE-2016-10191-03556a4d","source":"https://github.com/ffmpeg/ffmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7"},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7","signature_version":"v1","digest":{"line_hashes":["134176712849520932731543160601818351001","156785461138689732865857602962900086523","57755440124859462484793164720674791879"],"threshold":0.9},"signature_type":"Line","id":"CVE-2016-10191-b1922839","target":{"file":"libavformat/rtmppkt.c"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10191.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}