CVE-2016-10190

🗓️ 09 Feb 2017 15:59:00Reported by [email protected]Type

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response

Reporter	Title	Published	Views	Family All 28
AlpineLinux	CVE-2016-10190	9 Feb 201715:00	–	alpinelinux
CNVD	FFmpeg Stack Buffer Overflow Vulnerability	10 Feb 201700:00	–	cnvd
CVE	CVE-2016-10190	9 Feb 201715:00	–	cve
Cvelist	CVE-2016-10190	9 Feb 201715:00	–	cvelist
Debian	[SECURITY] [DLA 1611-1] libav security update	20 Dec 201821:51	–	debian
Debian CVE	CVE-2016-10190	9 Feb 201715:00	–	debiancve
Tenable Nessus	openSUSE Security Update : ffmpeg / ffmpeg2 (openSUSE-2017-1067)	18 Sep 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : ffmpeg (openSUSE-2017-449)	10 Apr 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : ffmpeg (openSUSE-2017-524)	28 Apr 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : ffmpeg2 (openSUSE-2017-631)	30 May 201700:00	–	nessus

NVD

Node

ffmpeg ffmpegRange≤2.8.9

ffmpeg ffmpegMatch3.0

ffmpeg ffmpegMatch3.0.1

ffmpeg ffmpegMatch3.0.2

ffmpeg ffmpegMatch3.0.3

ffmpeg ffmpegMatch3.0.4

ffmpeg ffmpegMatch3.1

ffmpeg ffmpegMatch3.1.1

ffmpeg ffmpegMatch3.1.2

ffmpeg ffmpegMatch3.1.3

ffmpeg ffmpegMatch3.1.4

ffmpeg ffmpegMatch3.1.5

ffmpeg ffmpegMatch3.2

ffmpeg ffmpegMatch3.2.1

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2018/12/msg00009.html
openwall	www.openwall.com/lists/oss-security/2017/02/02/1
trac	www.trac.ffmpeg.org/ticket/5992
openwall	www.openwall.com/lists/oss-security/2017/01/31/12
github	www.github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
securityfocus	www.securityfocus.com/bid/95986
ffmpeg	www.ffmpeg.org/security.html

13 May 2026 00:24Current

9.9High risk

Vulners AI Score9.9

CVSS 27.5

CVSS 39.8

EPSS0.09983

CWE-119