CVE-2016-6920

Published on: 01/23/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:11 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of FFmpeg from FFmpeg contain the following vulnerability:

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

  • CVE-2016-6920 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS2 Score: 5 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVE References

  • RETIRED: FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability
    Source: cve.report (archive), text/html
    Link: BID 92790

  • FFmpeg CVE-2016-6920 Heap Buffer Overflow Vulnerability
    Source: cve.report (archive), text/html
    Tags: Third Party Advisory, VDB Entry
    Link: BID 92664

  • FFmpeg Security
    Source: www.ffmpeg.org, text/html
    Tags: Vendor Advisory
    Link: CONFIRM www.ffmpeg.org/security.html

  • git.videolan.org Git - ffmpeg.git/commit
    Source: git.videolan.org, text/xml
    Tags: Issue Tracking, Patch, Third Party Advisory
    Link: CONFIRM git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137

  • SecurityFocus
    Source: www.securityfocus.com, text/html
    Link: BUGTRAQ 20160907 CVE-2016-6920 ffmpeg exr file Heap Overflow

  • ffmpeg 3.1.2 Heap Overflow ≈ Packet Storm
    Source: packetstormsecurity.com, text/html
    Tags: Third Party Advisory, VDB Entry
    Link: MISC packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application Ffmpeg Ffmpeg All All All All
  • cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*: