These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-6920 is a heap-based buffer overflow in FFmpeg’s EXR decoder path. The issue affects FFmpeg versions before 3.1.3 and can be triggered remotely through inputs involving tile positions, leading to an application crash and denial of service. NVD assigns a HIGH severity score (CVSS 3.0: 7.5) and classifies the weakness as CWE-119.
CVE-2016-6164 is a critical FFmpeg issue in the MOV demuxing path. The flaw is an integer overflow in mov_build_index within libavformat/mov.c, reachable while processing sample size-related data in media files. NVD rates the issue as network-exploitable with no privileges or user interaction required, and assigns high confidentiality, integrity, and availability impact. Affected versions are identified a [truncated]