Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
[
{
"target": {
"function": "rtmp_packet_read_one_chunk",
"file": "libavformat/rtmppkt.c"
},
"id": "CVE-2016-10191-03556a4d",
"digest": {
"function_hash": "92274830764906640701542815214003964729",
"length": 2522.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/ffmpeg/ffmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7",
"signature_type": "Function"
},
{
"target": {
"file": "libavformat/rtmppkt.c"
},
"id": "CVE-2016-10191-b1922839",
"digest": {
"line_hashes": [
"134176712849520932731543160601818351001",
"156785461138689732865857602962900086523",
"57755440124859462484793164720674791879"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/ffmpeg/ffmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7",
"signature_type": "Line"
}
]