{"id":"CVE-2016-10192","details":"Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.","modified":"2026-04-16T01:39:49.331784974Z","published":"2017-02-09T15:59:00.753Z","related":["openSUSE-SU-2017:1531-1","openSUSE-SU-2017:1532-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95991"},{"type":"ADVISORY","url":"https://ffmpeg.org/security.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10192.json","vanir_signatures":[{"digest":{"length":3861,"function_hash":"54265455413115495931100378942446358680"},"signature_version":"v1","target":{"file":"ffserver.c","function":"http_receive_data"},"source":"https://github.com/ffmpeg/ffmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156","signature_type":"Function","id":"CVE-2016-10192-07a68142","deprecated":false},{"digest":{"line_hashes":["145977957621285930571316406731381407558","157890322922176059152627140325378154171","146523412843575963327062660251038354018","151822313249723663103132816587686774223","239366556133619822067036311925360021864","209380550422533187913911620005970241935","327799982023172669304573051615482912275","51812135191346979987597501041320814555","62741539207270928737374147488074395989"],"threshold":0.9},"signature_version":"v1","target":{"file":"ffserver.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156","signature_type":"Line","id":"CVE-2016-10192-e17bdc26","deprecated":false}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}