{"id":"CVE-2016-3062","details":"The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.","modified":"2026-02-24T08:11:11.522501Z","published":"2016-06-16T18:59:08.373Z","related":["openSUSE-SU-2024:10926-1"],"references":[{"type":"WEB","url":"https://ffmpeg.org/security.html"},{"type":"WEB","url":"https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3603"},{"type":"ADVISORY","url":"https://bugzilla.libav.org/show_bug.cgi?id=929"},{"type":"ADVISORY","url":"https://libav.org/releases/libav-11.7.changelog"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-08"},{"type":"REPORT","url":"https://bugzilla.libav.org/show_bug.cgi?id=929"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.ffmpeg.org/ffmpeg.git","events":[{"introduced":"0"},{"last_affected":"c13b19a5bcc23c49e67d97062cc0e9fa16c949c2"}]}],"versions":["N","n0.10","n0.10.1","n0.10.10","n0.10.11","n0.10.12","n0.10.13","n0.10.14","n0.10.15","n0.10.2","n0.10.3","n0.10.4","n0.10.5","n0.10.6","n0.10.7","n0.10.8","n0.10.9","n0.8"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3062.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}