Vulnerabilities > CVE-2016-7905 - NULL Pointer Dereference vulnerability in Ffmpeg
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1203.NASL description This update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806) These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution. - CVE-2016-7562: out-of-bounds array write fault via specially crafted avi files - CVE-2016-7502: out-of-bounds array write via incorrect block values - CVE-2016-7905: null-point-exception when decoding avi files with crafted last seen 2020-06-05 modified 2016-10-19 plugin id 94129 published 2016-10-19 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94129 title openSUSE Security Update : ffmpeg (openSUSE-2016-1203) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-71.NASL description The remote host is affected by the vulnerability described in GLSA-201701-71 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause a Denial of Service condition via various crafted media file types or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96857 published 2017-01-30 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96857 title GLSA-201701-71 : FFmpeg: Multiple vulnerabilities