CVE-2016-10191

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-10191
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10191.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-10191
Downstream
Related
Published
2017-02-09T15:59:00.723Z
Modified
2026-05-13T12:00:15.502471485Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fb93771072cfcbdd523d9f4bcd7682ee8b7f5578
Last affected
c40983a6f631d22fede713d535bb9c31d5c9740c
Last affected
fda00aa7749326f02a6ca0a7d9bd9bcda1054071
Last affected
c66f4d1ae64dffaf456d05cbdade02054446f499
Last affected
3512ed3622e1200f03e0d508b5c1bcbf9f5d2c88
Last affected
5771a0c8237d6fb0fb65877126ec0f7842fd2a1e
Last affected
fbc96c50d72f55131e43939e38c1e5af4315a755
Last affected
ce36e74e75751c721185fbebaa4ee8714b44c5a5
Last affected
4275b27a230008c41c63397871f173952723e2b2
Last affected
c46d22a4a58467bdc7885685b06a2114dd181c43
Last affected
c2ea70628215ccede53240843b4514a6c339ab27
Last affected
2a5c41e3e4a7e763503af59de903d5649dcc071a
Last affected
340cea9f22c162e10d120835661e132721b7454b
Last affected
c269c43a83166003ab6649263bc60634a6b7866f
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.9"
        },
        {
            "last_affected": "3.0"
        },
        {
            "last_affected": "3.0.1"
        },
        {
            "last_affected": "3.0.2"
        },
        {
            "last_affected": "3.0.3"
        },
        {
            "last_affected": "3.0.4"
        },
        {
            "last_affected": "3.1"
        },
        {
            "last_affected": "3.1.1"
        },
        {
            "last_affected": "3.1.2"
        },
        {
            "last_affected": "3.1.3"
        },
        {
            "last_affected": "3.1.4"
        },
        {
            "last_affected": "3.1.5"
        },
        {
            "last_affected": "3.2"
        },
        {
            "last_affected": "3.2.1"
        }
    ],
    "cpe": [
        "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD"
}

Affected versions

Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8
n2.8-dev
n2.8.1
n2.8.2
n2.8.3
n2.8.4
n2.8.5
n2.8.6
n2.8.7
n2.8.8
n2.8.9
n2.9-dev
n3.*
n3.0
n3.0.1
n3.0.2
n3.0.3
n3.0.4
n3.1
n3.1-dev
n3.1.1
n3.1.2
n3.1.3
n3.1.4
n3.1.5
n3.2
n3.2-dev
n3.2.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10191.json"