{"id":"CVE-2016-10192","details":"Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.","modified":"2026-04-16T06:18:58.937752648Z","published":"2017-02-09T15:59:00.753Z","related":["openSUSE-SU-2017:1531-1","openSUSE-SU-2017:1532-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95991"},{"type":"ADVISORY","url":"https://ffmpeg.org/security.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/31/12"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/02/02/1"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"last_affected":"fb93771072cfcbdd523d9f4bcd7682ee8b7f5578"},{"introduced":"0"},{"last_affected":"c40983a6f631d22fede713d535bb9c31d5c9740c"},{"introduced":"0"},{"last_affected":"fda00aa7749326f02a6ca0a7d9bd9bcda1054071"},{"introduced":"0"},{"last_affected":"c66f4d1ae64dffaf456d05cbdade02054446f499"},{"introduced":"0"},{"last_affected":"3512ed3622e1200f03e0d508b5c1bcbf9f5d2c88"},{"introduced":"0"},{"last_affected":"5771a0c8237d6fb0fb65877126ec0f7842fd2a1e"},{"introduced":"0"},{"last_affected":"fbc96c50d72f55131e43939e38c1e5af4315a755"},{"introduced":"0"},{"last_affected":"ce36e74e75751c721185fbebaa4ee8714b44c5a5"},{"introduced":"0"},{"last_affected":"4275b27a230008c41c63397871f173952723e2b2"},{"introduced":"0"},{"last_affected":"c46d22a4a58467bdc7885685b06a2114dd181c43"},{"introduced":"0"},{"last_affected":"c2ea70628215ccede53240843b4514a6c339ab27"},{"introduced":"0"},{"last_affected":"2a5c41e3e4a7e763503af59de903d5649dcc071a"},{"introduced":"0"},{"last_affected":"340cea9f22c162e10d120835661e132721b7454b"},{"introduced":"0"},{"last_affected":"c269c43a83166003ab6649263bc60634a6b7866f"},{"fixed":"a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8.9"},{"introduced":"0"},{"last_affected":"3.0"},{"introduced":"0"},{"last_affected":"3.0.1"},{"introduced":"0"},{"last_affected":"3.0.2"},{"introduced":"0"},{"last_affected":"3.0.3"},{"introduced":"0"},{"last_affected":"3.0.4"},{"introduced":"0"},{"last_affected":"3.1"},{"introduced":"0"},{"last_affected":"3.1.1"},{"introduced":"0"},{"last_affected":"3.1.2"},{"introduced":"0"},{"last_affected":"3.1.3"},{"introduced":"0"},{"last_affected":"3.1.4"},{"introduced":"0"},{"last_affected":"3.1.5"},{"introduced":"0"},{"last_affected":"3.2"},{"introduced":"0"},{"last_affected":"3.2.1"}]}}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8","n2.8-dev","n2.8.1","n2.8.2","n2.8.3","n2.8.4","n2.8.5","n2.8.6","n2.8.7","n2.8.8","n2.8.9","n2.9-dev","n3.0","n3.0.1","n3.0.2","n3.0.3","n3.0.4","n3.1","n3.1-dev","n3.1.1","n3.1.2","n3.1.3","n3.1.4","n3.1.5","n3.2","n3.2-dev","n3.2.1","n3.3-dev"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:43:50Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2016-10192-07a68142","target":{"file":"ffserver.c","function":"http_receive_data"},"digest":{"length":3861,"function_hash":"54265455413115495931100378942446358680"},"source":"https://github.com/ffmpeg/ffmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"},{"target":{"file":"ffserver.c"},"deprecated":false,"signature_type":"Line","signature_version":"v1","id":"CVE-2016-10192-e17bdc26","digest":{"line_hashes":["145977957621285930571316406731381407558","157890322922176059152627140325378154171","146523412843575963327062660251038354018","151822313249723663103132816587686774223","239366556133619822067036311925360021864","209380550422533187913911620005970241935","327799982023172669304573051615482912275","51812135191346979987597501041320814555","62741539207270928737374147488074395989"],"threshold":0.9},"source":"https://github.com/ffmpeg/ffmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10192.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}