{"id":"CVE-2016-10190","details":"Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.","modified":"2026-07-08T12:43:26.488593Z","published":"2017-02-09T15:59:00.627Z","related":["openSUSE-SU-2017:0958-1","openSUSE-SU-2017:0961-1","openSUSE-SU-2024:10754-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/95986"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"},{"type":"WEB","url":"https://trac.ffmpeg.org/ticket/5992"},{"type":"ADVISORY","url":"https://ffmpeg.org/security.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.ffmpeg.org/ffmpeg.git","events":[{"introduced":"0"},{"last_affected":"fb93771072cfcbdd523d9f4bcd7682ee8b7f5578"},{"introduced":"c40983a6f631d22fede713d535bb9c31d5c9740c"},{"last_affected":"c269c43a83166003ab6649263bc60634a6b7866f"}],"database_specific":{"cpe":["cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*"],"source":["CPE_RANGE","CPE_STRING"],"extracted_events":[{"introduced":"0"},{"last_affected":"2.8.9"},{"introduced":"3.0"},{"last_affected":"3.0"},{"introduced":"3.0.1"},{"last_affected":"3.0.1"},{"introduced":"3.0.2"},{"last_affected":"3.0.2"},{"introduced":"3.0.3"},{"last_affected":"3.0.3"},{"introduced":"3.0.4"},{"last_affected":"3.0.4"},{"introduced":"3.1"},{"last_affected":"3.1"},{"introduced":"3.1.1"},{"last_affected":"3.1.1"},{"introduced":"3.1.2"},{"last_affected":"3.1.2"},{"introduced":"3.1.3"},{"last_affected":"3.1.3"},{"introduced":"3.1.4"},{"last_affected":"3.1.4"},{"introduced":"3.1.5"},{"last_affected":"3.1.5"},{"introduced":"3.2"},{"last_affected":"3.2"},{"introduced":"3.2.1"},{"last_affected":"3.2.1"}]}}],"versions":["3.0","3.0.1","3.0.2","3.0.3","3.0.4","3.1","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.2","3.2.1","n2.8.9","n3.2.1","n3.2","n2.8.8","n2.8.7","n3.2-dev","n3.1-dev","n2.8.6","n2.8.5","n2.8.4","n2.8.3","n2.8.2","n2.8.1","n2.8","n2.9-dev","n2.8-dev","n2.7-dev","n2.6-dev","n2.5-dev","n2.4-dev","n2.3-dev","n2.2-dev","n2.0","n2.1-dev","n1.3-dev","n1.2-dev","n1.1-dev","n0.12-dev","n0.11-dev","n0.8","N"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10190.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"fb93771072cfcbdd523d9f4bcd7682ee8b7f5578"},{"introduced":"c40983a6f631d22fede713d535bb9c31d5c9740c"},{"last_affected":"c269c43a83166003ab6649263bc60634a6b7866f"},{"fixed":"2a05c8f813de6f2278827734bf8102291e7484aa"}],"database_specific":{"cpe":["cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*","cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*"],"source":["CPE_RANGE","CPE_STRING","REFERENCES"],"extracted_events":[{"introduced":"0"},{"last_affected":"2.8.9"},{"introduced":"3.0"},{"last_affected":"3.0"},{"introduced":"3.0.1"},{"last_affected":"3.0.1"},{"introduced":"3.0.2"},{"last_affected":"3.0.2"},{"introduced":"3.0.3"},{"last_affected":"3.0.3"},{"introduced":"3.0.4"},{"last_affected":"3.0.4"},{"introduced":"3.1"},{"last_affected":"3.1"},{"introduced":"3.1.1"},{"last_affected":"3.1.1"},{"introduced":"3.1.2"},{"last_affected":"3.1.2"},{"introduced":"3.1.3"},{"last_affected":"3.1.3"},{"introduced":"3.1.4"},{"last_affected":"3.1.4"},{"introduced":"3.1.5"},{"last_affected":"3.1.5"},{"introduced":"3.2"},{"last_affected":"3.2"},{"introduced":"3.2.1"},{"last_affected":"3.2.1"}]}}],"versions":["3.0","3.0.1","3.0.2","3.0.3","3.0.4","3.1","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.2","3.2.1","n2.8.9","n3.2.1","n3.2","n3.3-dev","n2.8.8","n2.8.7","n3.2-dev","n3.1-dev","n2.8.6","n2.8.5","n2.8.4","n2.8.3","n2.8.2","n2.8.1","n2.8","n2.9-dev","n2.8-dev","n2.7-dev","n2.6-dev","n2.5-dev","n2.4-dev","n2.3-dev","n2.2-dev","n2.0","n2.1-dev","n1.3-dev","n1.2-dev","n1.1-dev","n0.12-dev","n0.11-dev","n0.8","N"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10190.json","vanir_signatures_modified":"2026-07-08T12:43:26Z","vanir_signatures":[{"target":{"file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["195999663670395503853889201858602138339","337394873705817049612632853846211991246","281429762653280480764985616040684003074","181135591961178219334965079780398465644","301977385217758711588590238081694807191","4332534641764958029126003953881495642","78488409577540362127201842823735556550","294245872781092961482345009691324773866","50172627417254511126384020568043869421","112650500083297809555288309914964668779","30056712349516425312493654165939340259","298249970838642601123972583878986451394","176407889866597877503055189876499418998","193744821904088677257446971802230192422","167936627276812967465598665592130335165","149057470804409335808502586868429057327","314912851706149201516506787973960357799","147173598555519645520579805310458146800","29087375443321685771228653565552823132","338133686815687239574396247767484144980","242586206816867182635535439722785464192","63274841844650378289363788216436177961","69695398128977857204627250329512846761","159877063323603233213517554618491457080","148746741395448115673262940748286112383","215135803124320082263730838657324867399","304785617176626286438417500308733431081","104683594907378898032347369266827696254","210609334766725791740571382647031557290","336025561921878649109859305752516240059","193335780054135415349016455931345387834","5200210177290942409173405905234360868","58041336525576138683760382081305512420","176236939584381875316021462629521047469","94212220667250397537912484595720679606","307694002484925509855511584325910580472","145103461001093881257625819130696065017","230610564455100988109910632330191728421","70125292451460020843285881429093326179","153598065943465698668267997740394593054","268593430374134125250196730081209385195","293868026800181583571677458898190406017","88295059203012252592394965214548395627","105093005580092505988693877616976967979","86007042803940118800028476800584149559","311880476248326962136008921758625687463","338764777561368621476221375386326476238","47664005056104378332100527446338762935","44611751549552516955042496857640975595","107463033404543910575729349428633843257","43715430391330689511422764253024813728","49146989014158618782354245167122525313","324626250988046984580502223692664343191","68110331019358658271543741634753719589","257630673840875065656696176013196471051","330174377874492950428532523797563114320","184571769670058717495637840659386306545","72037359362049757401143768323280573478","261418715895457626359130608669225281735","191710336257866828202651790587640462656","266561053794300878391607306269928875736","71695166541645273191353008378911185674","160044126434007948026797462302852327725","208035063315291775027148960437059197391","74446269432642678552563105823143251367","76111632104629555969923027847174221838","121801329192032031979805864317813189823","169656543150414343351800221982084571677","275579883180837985032567593021986275590","214330101327163149036806779438415064661","95847572856940569416720961064551929955","257358118154356826154560378835377248593","72071214125283239948482876234408555385","301979849324286532993733565032331804118","186079235504122307468672380495855990691","141803169938265716261785770250791107490","12230199056265414075302853110896926046","48300616660767152834298710993760025847","2828056941259794508615439231571091318","3967397339702129711626534087308805389","49414725480161860793357595366995394760","98126838883829452946687614567867936231","293945222104089173824526833737138028955","108374270174840899325385671156632327395","196634904955693853372131665235786018387","26815514573349448131419393817877586727","300054146929949682389009299887678074309","111314383662916087408744711679758884830","175794948142823669334687464441360552413","33726988287170670072613719082076087265","13811679111082197512425596512372468787","68262581337783293796152438586751386088","293118137688244615364615398507471217242","263405096623595840524318800257381257853","294291539822903816170014810798224938706","136957136615083739787700046919468007988","219730309520283490880425513840675405698","204739233458432632821450147658324888399","169317966908470365298673360861576515443","77667814784786339654793077996442539596","221382695690763806654900884331706904610","153240225503016989958213145739932616551","86387841214565110119566692317248873878"]},"id":"CVE-2016-10190-08770d1e","deprecated":false,"signature_type":"Line"},{"target":{"function":"http_connect","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":4320,"function_hash":"12610718817939929222738398655267156227"},"id":"CVE-2016-10190-0ce4b0a7","deprecated":false,"signature_type":"Function"},{"target":{"function":"http_read_stream","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":1750,"function_hash":"302717158320484032752066418671647662494"},"id":"CVE-2016-10190-2f73aea5","deprecated":false,"signature_type":"Function"},{"target":{"function":"http_seek_internal","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":1218,"function_hash":"6516275375144746073299497260326148662"},"id":"CVE-2016-10190-6c648151","deprecated":false,"signature_type":"Function"},{"target":{"function":"http_read_header","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":668,"function_hash":"29291998720851582992351322556084772994"},"id":"CVE-2016-10190-6e795f3b","deprecated":false,"signature_type":"Function"},{"target":{"function":"process_line","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":4144,"function_hash":"230933525932273812045672291144973050095"},"id":"CVE-2016-10190-7161a4f2","deprecated":false,"signature_type":"Function"},{"target":{"function":"http_proxy_open","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":1871,"function_hash":"150729267673974336767668852687675522780"},"id":"CVE-2016-10190-77fbd344","deprecated":false,"signature_type":"Function"},{"target":{"function":"http_open","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":995,"function_hash":"80694966203472736538792799490348615589"},"id":"CVE-2016-10190-aa69c7ad","deprecated":false,"signature_type":"Function"},{"target":{"function":"http_buf_read","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":858,"function_hash":"278051685018924489094697474612484937283"},"id":"CVE-2016-10190-b20cd40c","deprecated":false,"signature_type":"Function"},{"target":{"function":"store_icy","file":"libavformat/http.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_version":"v1","digest":{"length":658,"function_hash":"13106501879363286127811322793886100134"},"id":"CVE-2016-10190-c1942b99","deprecated":false,"signature_type":"Function"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}