CVE-2016-2326

Published on: 02/11/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

  • CVE-2016-2326 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
FFmpeg CVE-2016-2326 Integer Overflow Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 84165
FFmpeg Processing Flaws Lets Remote Users Cause the Target Application or Service to Crash - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
URL Logo SECTRACK 1035010
Debian -- Security Information -- DSA-3506-1 libav Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3506
libav: Multiple vulnerabilities (GLSA 201705-08) — Gentoo Security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201705-08
git.videolan.org Git - ffmpeg.git/commit Patch
Vendor Advisory
git.videolan.org
text/xml
URL Logo CONFIRM git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
USN-2944-1: Libav vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
URL Logo UBUNTU USN-2944-1
FFmpeg: Multiple vulnerabilities (GLSA 201606-09) — Gentoo security Third Party Advisory
VDB Entry
security.gentoo.org
text/html
URL Logo GENTOO GLSA-201606-09

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
ApplicationFfmpegFfmpegAllAllAllAll
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*: