Vulnerabilities > CVE-2016-7905 - NULL Pointer Dereference vulnerability in Ffmpeg

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
ffmpeg
CWE-476
nessus

Summary

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

Vulnerable Configurations

Part Description Count
Application
Ffmpeg
289

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1203.NASL
    descriptionThis update for ffmpeg fixes multiple security issues in ffmpeg (boo#1003806) These vulnerabilities can be triggered when processing specially crafted avi video content, and could lead to crashes or have unspecified further impact including potential code execution. - CVE-2016-7562: out-of-bounds array write fault via specially crafted avi files - CVE-2016-7502: out-of-bounds array write via incorrect block values - CVE-2016-7905: null-point-exception when decoding avi files with crafted
    last seen2020-06-05
    modified2016-10-19
    plugin id94129
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94129
    titleopenSUSE Security Update : ffmpeg (openSUSE-2016-1203)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-71.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-71 (FFmpeg: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause a Denial of Service condition via various crafted media file types or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96857
    published2017-01-30
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96857
    titleGLSA-201701-71 : FFmpeg: Multiple vulnerabilities