#VU32157 Buffer overflow in FFmpeg - CVE-2016-2328

Cybersecurity Help s.r.o.

Published: 2016-02-12 | Updated: 2020-07-28

Vulnerability identifier: #VU32157

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-2328

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FFmpeg
Universal components / Libraries / Libraries used by multiple products

Vendor: ffmpeg.sourceforge.net

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FFmpeg: 2.8.0 - 2.8.5

External links
https://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
https://www.securitytracker.com/id/1035010
https://security.gentoo.org/glsa/201606-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in ffmpeg (Alpine package)

Buffer overflow in ffmpeg.sourceforge.net FFmpeg