8.8

CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibavLibav Version <= 11.6
FfmpegFfmpeg Version <= 0.10.15
DebianDebian Linux Version <= 8.0
OpensuseLeap Version42.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.05% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://security.gentoo.org/glsa/201705-08
http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3603
Third Party Advisory
https://bugzilla.libav.org/show_bug.cgi?id=929
Vendor Advisory
Issue Tracking
https://ffmpeg.org/security.html
https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328
https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746
Patch
https://libav.org/releases/libav-11.7.changelog
Release Notes