Published: 16/06/2016 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The mov_read_dref function in libavformat/mov.c in Libav prior to 11.7 and FFmpeg prior to 0.11 allows remote malicious users to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libav libav
ffmpeg ffmpeg
debian debian linux
opensuse leap 42.1

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library A full list of the changes is available at gitlibavorg/?p=libavgit;a=blob;f=Changelog;hb=refs/tags/v117 For the stable distribution (jessie), this problem has been fixed in version 6:117-1~deb8u1 We recommend that you upgrade ...

CWE-119 https://ffmpeg.org/security.html https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 https://libav.org/releases/libav-11.7.changelog http://www.debian.org/security/2016/dsa-3603 https://bugzilla.libav.org/show_bug.cgi?id=929 http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html https://security.gentoo.org/glsa/201705-08 https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328 https://nvd.nist.gov https://www.debian.org/security/./dsa-3603

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-3062

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect