1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Candidate: CVE-2016-10190
PublicDate: 2017-02-09
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10190
http://www.openwall.com/lists/oss-security/2017/01/31/12
Description:
Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10,
3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows
remote web servers to execute arbitrary code via a negative chunk size in
an HTTP response.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Emil Lerner and Pavel Cheremushkin
Assigned-to:
Patches_libav:
upstream_libav: needed
precise_libav: ignored (reached end-of-life)
precise/esm_libav: DNE (precise was needed)
trusty_libav: needed
vivid/stable-phone-overlay_libav: DNE
vivid/ubuntu-core_libav: DNE
xenial_libav: DNE
yakkety_libav: DNE
zesty_libav: DNE
devel_libav: DNE
Patches_ffmpeg:
upstream: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
upstream_ffmpeg: released (7:3.2.2-1)
precise_ffmpeg: DNE
precise/esm_ffmpeg: DNE
trusty_ffmpeg: DNE
vivid/stable-phone-overlay_ffmpeg: DNE
vivid/ubuntu-core_ffmpeg: DNE
xenial_ffmpeg: needed
yakkety_ffmpeg: ignored (reached end-of-life)
zesty_ffmpeg: not-affected (7:3.2.2-2)
devel_ffmpeg: not-affected (7:3.2.2-2)
|