Lucene search

Ubuntu.comUB:CVE-2016-6920

HistoryJan 23, 2017 - 12:00 a.m.

CVE-2016-6920

2017-01-2300:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.017

Percentile

87.8%

JSON

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c
in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service
(application crash) via vectors involving tile positions.

Notes

Author	Note
ebarretto	This CVE doesn’t affect version 2.8.14 which is found in xenial, because tile is not supported in this version.

References

seclists.org/bugtraq/2016/Sep/7

launchpad.net/bugs/cve/CVE-2016-6920

nvd.nist.gov/vuln/detail/CVE-2016-6920

security-tracker.debian.org/tracker/CVE-2016-6920

www.cve.org/CVERecord?id=CVE-2016-6920

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.017

Percentile

87.8%

JSON

Related for UB:CVE-2016-6920