CVE-2016-5115 — Out-of-bounds Read in Project Libavformat

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 57.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libavformat Project Libavformat

Timeline

PublishedFeb 3

Latest updateMay 17

Description

The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlibavformat_project/libavformat57.34.103

🔴Vulnerability Details

GHSA

GHSA-84mq-6c9x-6p8p: The avcodec_decode_audio4 function in libavcodec in libavformat 57↗2022-05-17

▶

OSV

CVE-2016-5115: The avcodec_decode_audio4 function in libavcodec in libavformat 57↗2017-02-03

▶