CVE-2016-3062
Gentoo Linux Security Advisory 201705-08
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
La función mov_read_dref en libavformat/mov.c en Libav en versiones anteriores a 11.7 y FFmpeg en versiones anteriores a 0.11 permite a atacantes remotos provocar una denegación de srevicio (corrupción de memoria) o ejecutar código arbitrario a través de valores de entrada en una caja dref en un archivo MP4.
Multiple vulnerabilities have been found in libav, the worst of which may allow execution of arbitrary code. Versions less than 11.8 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-03-09 CVE Reserved
- 2016-06-15 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://ffmpeg.org/security.html | X_refsource_confirm | |
| https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328 | X_refsource_confirm | |
| https://libav.org/releases/libav-11.7.changelog | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html | 2023-11-07 | |
| http://www.debian.org/security/2016/dsa-3603 | 2023-11-07 | |
| https://bugzilla.libav.org/show_bug.cgi?id=929 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201705-08 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libav Search vendor "Libav" | Libav Search vendor "Libav" for product "Libav" | <= 11.6 Search vendor "Libav" for product "Libav" and version " <= 11.6" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | <= 0.10.15 Search vendor "Ffmpeg" for product "Ffmpeg" and version " <= 0.10.15" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | <= 8.0 Search vendor "Debian" for product "Debian Linux" and version " <= 8.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||