CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.012 Low (Percentile: 84.7%)

An off-by-one error resulting in an allocation of zero size in FFmpeg in
Google Chrome prior to 54.0.2840.98 for Mac, 54.0.2840.99 for Windows,
54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote
attacker to potentially exploit heap corruption via a crafted video file.

Author | Note |
---|---|
ebarretto | Could not find the same affected code on xenial version. The fix came on version 3.2 and xenial is on 2.8.14 where that function does not exist and there was no similar code. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 17.10 | noarch | chromium-browser | < 55.0.2883.87-0ubuntu1 | UNKNOWN |
ubuntu | 18.04 | noarch | chromium-browser | < 55.0.2883.87-0ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | chromium-browser | < 58.0.3029.81-0ubuntu0.14.04.1172 | UNKNOWN |
ubuntu | 16.04 | noarch | chromium-browser | < 55.0.2883.87-0ubuntu0.16.04.1263 | UNKNOWN |
ubuntu | 16.10 | noarch | chromium-browser | < 55.0.2883.87-0ubuntu0.16.10.1328 | UNKNOWN |
ubuntu | 17.04 | noarch | chromium-browser | < 55.0.2883.87-0ubuntu1 | UNKNOWN |
ubuntu | 18.04 | noarch | ffmpeg | < 7:3.2-1 | UNKNOWN |
ubuntu | 16.10 | noarch | ffmpeg | < 7:3.0.5-0ubuntu0.16.10.1 | UNKNOWN |
ubuntu | 17.10 | noarch | oxide-qt | < 1.19.6-0ubuntu2 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.18.5-0ubuntu0.14.04.1 | UNKNOWN |
chromium-review.googlesource.com/383956
github.com/FFmpeg/FFmpeg/commit/347cb14b7cba7560e53f4434b419b9d8800253e7
launchpad.net/bugs/cve/CVE-2016-5199
nvd.nist.gov/vuln/detail/CVE-2016-5199
security-tracker.debian.org/tracker/CVE-2016-5199
ubuntu.com/security/notices/USN-3133-1
www.cve.org/CVERecord?id=CVE-2016-5199