Vulnerabilities > CVE-2016-7502 - Out-of-bounds Read vulnerability in Ffmpeg
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1203.NASL description This update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806) These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution. - CVE-2016-7562: out-of-bounds array write fault via specially crafted avi files - CVE-2016-7502: out-of-bounds array write via incorrect block values - CVE-2016-7905: null-point-exception when decoding avi files with crafted last seen 2020-06-05 modified 2016-10-19 plugin id 94129 published 2016-10-19 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94129 title openSUSE Security Update : ffmpeg (openSUSE-2016-1203) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-71.NASL description The remote host is affected by the vulnerability described in GLSA-201701-71 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause a Denial of Service condition via various crafted media file types or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96857 published 2017-01-30 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96857 title GLSA-201701-71 : FFmpeg: Multiple vulnerabilities