SB2016120613 - Multiple vulnerabilities in FFmpeg
Published: December 6, 2016 Updated: June 8, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-2327)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.
2) Integer overflow (CVE-ID: CVE-2016-2326)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.
Remediation
Install update from vendor's website.
References
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
- http://www.securitytracker.com/id/1035010
- https://security.gentoo.org/glsa/201606-09
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
- http://www.debian.org/security/2016/dsa-3506
- http://www.securityfocus.com/bid/84165
- http://www.ubuntu.com/usn/USN-2944-1
- https://security.gentoo.org/glsa/201705-08