cve/2016/CVE-2016-10190.md

CVE-2016-10190

Description

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

POC

Reference

• https://ffmpeg.org/security.html
• https://trac.ffmpeg.org/ticket/5992

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/floatingHKX/Binary-Exploit-Visualization
• https://github.com/muzalam/FFMPEG-exploit
• https://github.com/sereok3/buffer-overflow-writeups