CVE-2016-5199

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
googlechrome
𝑥
≤ 54.0.2840.87
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bullseye
7:4.3.7-0+deb11u1
fixed
jessie
not-affected
bullseye (security)
7:4.3.8-0+deb11u1
fixed
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
bionic
Fixed 55.0.2883.87-0ubuntu1
released
artful
Fixed 55.0.2883.87-0ubuntu1
released
zesty
Fixed 55.0.2883.87-0ubuntu1
released
yakkety
Fixed 55.0.2883.87-0ubuntu0.16.10.1328
released
xenial
Fixed 55.0.2883.87-0ubuntu0.16.04.1263
released
trusty
Fixed 58.0.3029.81-0ubuntu0.14.04.1172
released
precise
ignored
ffmpeg
bionic
Fixed 7:3.2-1
released
artful
ignored
zesty
ignored
yakkety
Fixed 7:3.0.5-0ubuntu0.16.10.1
released
xenial
not-affected
trusty
dne
precise
dne
libav
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
not-affected
precise
ignored
oxide-qt
bionic
dne
artful
Fixed 1.19.6-0ubuntu2
released
zesty
Fixed 1.19.6-0ubuntu2
released
yakkety
Fixed 1.18.5-0ubuntu0.16.10.1
released
xenial
Fixed 1.18.5-0ubuntu0.16.04.1
released
trusty
Fixed 1.18.5-0ubuntu0.14.04.1
released
precise
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2718.html
http://www.securityfocus.com/bid/94196
http://www.securitytracker.com/id/1037273
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
https://crbug.com/643948
https://security.gentoo.org/glsa/201611-16
http://rhn.redhat.com/errata/RHSA-2016-2718.html
http://www.securityfocus.com/bid/94196
http://www.securitytracker.com/id/1037273
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
https://crbug.com/643948
https://security.gentoo.org/glsa/201611-16