Vulnerability Details : CVE-2016-2330
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2016-2330
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2330
1.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2330
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-2330
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2330
-
http://www.ubuntu.com/usn/USN-2944-1
USN-2944-1: Libav vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securitytracker.com/id/1035010
FFmpeg Processing Flaws Lets Remote Users Cause the Target Application or Service to Crash - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/84217
FFmpeg 'libavcodec/gif.c' CVE-2016-2330 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
git.videolan.org Git - ffmpeg.git/commitPatch;Vendor Advisory
-
https://security.gentoo.org/glsa/201606-09
FFmpeg: Multiple vulnerabilities (GLSA 201606-09) — Gentoo securityThird Party Advisory;VDB Entry
Jump to