Show plain JSON{"id": "CVE-2016-10192", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-02-09T15:59:00.753", "references": [{"url": "http://www.openwall.com/lists/oss-security/2017/01/31/12", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/02/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95991", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://ffmpeg.org/security.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2017/01/31/12", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/02/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95991", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ffmpeg.org/security.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en ffserver.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario aprovechando el fallo para comprobar el tama\u00f1o del fragmento."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB8F94CB-75BE-4D48-A4A6-4CE03A3D60B7", "versionEndIncluding": "2.8.9"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6E85AA0-559E-4EC5-AF61-100732EF0643"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E86E3C4-946B-4E89-B0C1-010046D8D478"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94E316AE-DF67-40B7-99CE-CE30BFECC4C7"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "368CB50E-729C-4CA3-A6E4-67A277354255"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10FD1F85-27FB-4E8B-A2D0-529A048701C9"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A730657-04E4-4802-8336-DB067AF00C5A"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77E8C6C8-4849-4475-8271-CAD3ECE761CC"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59A336FF-56BE-4B09-827E-887FCF0A018B"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6FB6CF6-F80E-4570-8790-F43D2F035A07"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95D2E370-7B0E-451F-9802-D4C272C4902E"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A040488F-32AA-4451-B922-45B17D2AEA90"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21F765CB-B78E-42A3-BB22-D9FC515694B3"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5DFEAF5-8003-4EDB-B2B3-9022052939C4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}