CVE-2016-5199 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Google Chrome

Timeline

PublishedJan 19

Latest updateMay 14

Description

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDgoogle/chrome54.0.2840.87

▶debiandebian/ffmpeg< ffmpeg 7:3.2-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:3.2-1+3

🔴Vulnerability Details

GHSA

GHSA-5mc4-xjch-jc3r: An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54↗2022-05-14

▶

OSV

CVE-2016-5199: An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54↗2017-01-19

▶

OSV

oxide-qt vulnerabilities↗2016-12-01

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-12-01

▶

Red Hat

chromium-browser: heap corruption in ffmpeg↗2016-11-09

▶

Debian

CVE-2016-5199: ffmpeg - An off by one error resulting in an allocation of zero size in FFmpeg in Google ...↗2016

▶

💬Community

Bugzilla

CVE-2016-5199 chromium-browser: heap corruption in ffmpeg↗2016-11-10

▶

Bugzilla

CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 chromium: various flaws [fedora-all]↗2016-11-10

▶