{"id":"CVE-2016-10190","details":"Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.","modified":"2026-04-01T23:38:01.976098Z","published":"2017-02-09T15:59:00.627Z","related":["openSUSE-SU-2017:0958-1","openSUSE-SU-2017:0961-1","openSUSE-SU-2024:10754-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html"},{"type":"WEB","url":"https://trac.ffmpeg.org/ticket/5992"},{"type":"WEB","url":"http://www.securityfocus.com/bid/95986"},{"type":"ADVISORY","url":"https://ffmpeg.org/security.html"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"fb93771072cfcbdd523d9f4bcd7682ee8b7f5578"},{"introduced":"0"},{"last_affected":"c40983a6f631d22fede713d535bb9c31d5c9740c"},{"introduced":"0"},{"last_affected":"fda00aa7749326f02a6ca0a7d9bd9bcda1054071"},{"introduced":"0"},{"last_affected":"c66f4d1ae64dffaf456d05cbdade02054446f499"},{"introduced":"0"},{"last_affected":"3512ed3622e1200f03e0d508b5c1bcbf9f5d2c88"},{"introduced":"0"},{"last_affected":"5771a0c8237d6fb0fb65877126ec0f7842fd2a1e"},{"introduced":"0"},{"last_affected":"fbc96c50d72f55131e43939e38c1e5af4315a755"},{"introduced":"0"},{"last_affected":"ce36e74e75751c721185fbebaa4ee8714b44c5a5"},{"introduced":"0"},{"last_affected":"4275b27a230008c41c63397871f173952723e2b2"},{"introduced":"0"},{"last_affected":"c46d22a4a58467bdc7885685b06a2114dd181c43"},{"introduced":"0"},{"last_affected":"c2ea70628215ccede53240843b4514a6c339ab27"},{"introduced":"0"},{"last_affected":"2a5c41e3e4a7e763503af59de903d5649dcc071a"},{"introduced":"0"},{"last_affected":"340cea9f22c162e10d120835661e132721b7454b"},{"introduced":"0"},{"last_affected":"c269c43a83166003ab6649263bc60634a6b7866f"},{"fixed":"2a05c8f813de6f2278827734bf8102291e7484aa"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8.9"},{"introduced":"0"},{"last_affected":"3.0"},{"introduced":"0"},{"last_affected":"3.0.1"},{"introduced":"0"},{"last_affected":"3.0.2"},{"introduced":"0"},{"last_affected":"3.0.3"},{"introduced":"0"},{"last_affected":"3.0.4"},{"introduced":"0"},{"last_affected":"3.1"},{"introduced":"0"},{"last_affected":"3.1.1"},{"introduced":"0"},{"last_affected":"3.1.2"},{"introduced":"0"},{"last_affected":"3.1.3"},{"introduced":"0"},{"last_affected":"3.1.4"},{"introduced":"0"},{"last_affected":"3.1.5"},{"introduced":"0"},{"last_affected":"3.2"},{"introduced":"0"},{"last_affected":"3.2.1"}]}}],"versions":["N","ffmpeg-0.6.3","n0.10","n0.10.1","n0.10.10","n0.10.11","n0.10.12","n0.10.13","n0.10.14","n0.10.15","n0.10.16","n0.10.2","n0.10.3","n0.10.4","n0.10.5","n0.10.6","n0.10.7","n0.10.8","n0.10.9","n0.11","n0.11-dev","n0.11.1","n0.11.2","n0.11.3","n0.11.4","n0.11.5","n0.12-dev","n0.5.10","n0.5.11","n0.5.12","n0.5.13","n0.5.14","n0.5.15","n0.5.5","n0.5.6","n0.5.7","n0.5.8","n0.5.9","n0.6.4","n0.6.5","n0.6.6","n0.6.7","n0.7.1","n0.7.10","n0.7.11","n0.7.12","n0.7.13","n0.7.14","n0.7.15","n0.7.16","n0.7.17","n0.7.2","n0.7.3","n0.7.4","n0.7.5","n0.7.6","n0.7.7","n0.7.8","n0.7.9","n0.8","n0.8.1","n0.8.10","n0.8.11","n0.8.12","n0.8.13","n0.8.14","n0.8.15","n0.8.2","n0.8.3","n0.8.4","n0.8.5","n0.8.6","n0.8.7","n0.8.8","n0.8.9","n0.9","n0.9.1","n0.9.2","n0.9.3","n0.9.4","n1.0","n1.0.1","n1.0.10","n1.0.2","n1.0.3","n1.0.4","n1.0.5","n1.0.6","n1.0.7","n1.0.8","n1.0.9","n1.1","n1.1-dev","n1.1.1","n1.1.10","n1.1.11","n1.1.12","n1.1.13","n1.1.14","n1.1.15","n1.1.16","n1.1.2","n1.1.3","n1.1.4","n1.1.5","n1.1.6","n1.1.7","n1.1.8","n1.1.9","n1.2","n1.2-dev","n1.2.1","n1.2.10","n1.2.11","n1.2.12","n1.2.2","n1.2.3","n1.2.4","n1.2.5","n1.2.6","n1.2.7","n1.2.8","n1.2.9","n1.3-dev","n2.0","n2.0.1","n2.0.2","n2.0.3","n2.0.4","n2.0.5","n2.0.6","n2.0.7","n2.1","n2.1-dev","n2.1.1","n2.1.2","n2.1.3","n2.1.4","n2.1.5","n2.1.6","n2.1.7","n2.1.8","n2.2","n2.2-dev","n2.2-rc1","n2.2-rc2","n2.2.1","n2.2.10","n2.2.11","n2.2.12","n2.2.13","n2.2.14","n2.2.15","n2.2.16","n2.2.2","n2.2.3","n2.2.4","n2.2.5","n2.2.6","n2.2.7","n2.2.8","n2.2.9","n2.3","n2.3-dev","n2.3.1","n2.3.2","n2.3.3","n2.3.4","n2.3.5","n2.3.6","n2.4","n2.4-dev","n2.4.1","n2.4.10","n2.4.11","n2.4.12","n2.4.13","n2.4.14","n2.4.2","n2.4.3","n2.4.4","n2.4.5","n2.4.6","n2.4.7","n2.4.8","n2.4.9","n2.5","n2.5-dev","n2.5.1","n2.5.10","n2.5.11","n2.5.2","n2.5.3","n2.5.4","n2.5.5","n2.5.6","n2.5.7","n2.5.8","n2.5.9","n2.6","n2.6-dev","n2.6.1","n2.6.2","n2.6.3","n2.6.4","n2.6.5","n2.6.6","n2.6.7","n2.6.8","n2.6.9","n2.7","n2.7-dev","n2.7.1","n2.7.2","n2.7.3","n2.7.4","n2.7.5","n2.7.6","n2.7.7","n2.8","n2.8-dev","n2.8.1","n2.8.2","n2.8.3","n2.8.4","n2.8.5","n2.8.6","n2.8.7","n2.8.8","n2.8.9","n2.9-dev","n3.0","n3.1-dev","v0.5","v0.5.1","v0.5.2","v0.5.3","v0.6","v0.6.1"],"database_specific":{"vanir_signatures":[{"id":"CVE-2016-10190-08770d1e","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Line","signature_version":"v1","target":{"file":"libavformat/http.c"},"digest":{"threshold":0.9,"line_hashes":["195999663670395503853889201858602138339","337394873705817049612632853846211991246","281429762653280480764985616040684003074","181135591961178219334965079780398465644","301977385217758711588590238081694807191","4332534641764958029126003953881495642","78488409577540362127201842823735556550","294245872781092961482345009691324773866","50172627417254511126384020568043869421","112650500083297809555288309914964668779","30056712349516425312493654165939340259","298249970838642601123972583878986451394","176407889866597877503055189876499418998","193744821904088677257446971802230192422","167936627276812967465598665592130335165","149057470804409335808502586868429057327","314912851706149201516506787973960357799","147173598555519645520579805310458146800","29087375443321685771228653565552823132","338133686815687239574396247767484144980","242586206816867182635535439722785464192","63274841844650378289363788216436177961","69695398128977857204627250329512846761","159877063323603233213517554618491457080","148746741395448115673262940748286112383","215135803124320082263730838657324867399","304785617176626286438417500308733431081","104683594907378898032347369266827696254","210609334766725791740571382647031557290","336025561921878649109859305752516240059","193335780054135415349016455931345387834","5200210177290942409173405905234360868","58041336525576138683760382081305512420","176236939584381875316021462629521047469","94212220667250397537912484595720679606","307694002484925509855511584325910580472","145103461001093881257625819130696065017","230610564455100988109910632330191728421","70125292451460020843285881429093326179","153598065943465698668267997740394593054","268593430374134125250196730081209385195","293868026800181583571677458898190406017","88295059203012252592394965214548395627","105093005580092505988693877616976967979","86007042803940118800028476800584149559","311880476248326962136008921758625687463","338764777561368621476221375386326476238","47664005056104378332100527446338762935","44611751549552516955042496857640975595","107463033404543910575729349428633843257","43715430391330689511422764253024813728","49146989014158618782354245167122525313","324626250988046984580502223692664343191","68110331019358658271543741634753719589","257630673840875065656696176013196471051","330174377874492950428532523797563114320","184571769670058717495637840659386306545","72037359362049757401143768323280573478","261418715895457626359130608669225281735","191710336257866828202651790587640462656","266561053794300878391607306269928875736","71695166541645273191353008378911185674","160044126434007948026797462302852327725","208035063315291775027148960437059197391","74446269432642678552563105823143251367","76111632104629555969923027847174221838","121801329192032031979805864317813189823","169656543150414343351800221982084571677","275579883180837985032567593021986275590","214330101327163149036806779438415064661","95847572856940569416720961064551929955","257358118154356826154560378835377248593","72071214125283239948482876234408555385","301979849324286532993733565032331804118","186079235504122307468672380495855990691","141803169938265716261785770250791107490","12230199056265414075302853110896926046","48300616660767152834298710993760025847","2828056941259794508615439231571091318","3967397339702129711626534087308805389","49414725480161860793357595366995394760","98126838883829452946687614567867936231","293945222104089173824526833737138028955","108374270174840899325385671156632327395","196634904955693853372131665235786018387","26815514573349448131419393817877586727","300054146929949682389009299887678074309","111314383662916087408744711679758884830","175794948142823669334687464441360552413","33726988287170670072613719082076087265","13811679111082197512425596512372468787","68262581337783293796152438586751386088","293118137688244615364615398507471217242","263405096623595840524318800257381257853","294291539822903816170014810798224938706","136957136615083739787700046919468007988","219730309520283490880425513840675405698","204739233458432632821450147658324888399","169317966908470365298673360861576515443","77667814784786339654793077996442539596","221382695690763806654900884331706904610","153240225503016989958213145739932616551","86387841214565110119566692317248873878"]},"deprecated":false},{"id":"CVE-2016-10190-0ce4b0a7","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"http_connect","file":"libavformat/http.c"},"digest":{"function_hash":"12610718817939929222738398655267156227","length":4320},"deprecated":false},{"id":"CVE-2016-10190-2f73aea5","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"http_read_stream","file":"libavformat/http.c"},"digest":{"function_hash":"302717158320484032752066418671647662494","length":1750},"deprecated":false},{"id":"CVE-2016-10190-6c648151","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"http_seek_internal","file":"libavformat/http.c"},"digest":{"function_hash":"6516275375144746073299497260326148662","length":1218},"deprecated":false},{"id":"CVE-2016-10190-6e795f3b","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"http_read_header","file":"libavformat/http.c"},"digest":{"function_hash":"29291998720851582992351322556084772994","length":668},"deprecated":false},{"id":"CVE-2016-10190-7161a4f2","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"process_line","file":"libavformat/http.c"},"digest":{"function_hash":"230933525932273812045672291144973050095","length":4144},"deprecated":false},{"id":"CVE-2016-10190-77fbd344","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"http_proxy_open","file":"libavformat/http.c"},"digest":{"function_hash":"150729267673974336767668852687675522780","length":1871},"deprecated":false},{"id":"CVE-2016-10190-aa69c7ad","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"http_open","file":"libavformat/http.c"},"digest":{"function_hash":"80694966203472736538792799490348615589","length":995},"deprecated":false},{"id":"CVE-2016-10190-b20cd40c","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"http_buf_read","file":"libavformat/http.c"},"digest":{"function_hash":"278051685018924489094697474612484937283","length":858},"deprecated":false},{"id":"CVE-2016-10190-c1942b99","source":"https://github.com/ffmpeg/ffmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","signature_type":"Function","signature_version":"v1","target":{"function":"store_icy","file":"libavformat/http.c"},"digest":{"function_hash":"13106501879363286127811322793886100134","length":658},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10190.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}