CVE-2016-10192 is a critical FFmpeg vulnerability in ffserver.c where failure to validate chunk size can trigger a heap-based buffer overflow. The NVD record rates it 9.8/CRITICAL with a network attack vector, low complexity, no privileges required, and no user interaction, making it a plausible remote code execution issue for exposed deployments.
CVE-2016-10191 is a critical memory-safety flaw in FFmpeg’s RTMP packet handling. The issue is a heap-based buffer overflow in libavformat/rtmppkt.c caused by failure to check RTMP packet size mismatches. In vulnerable FFmpeg releases, a remote attacker could trigger the flaw through specially crafted input and potentially execute arbitrary code. NVD lists affected branches as FFmpeg before 2.8.10, 3.0.x [truncated]
CVE-2016-10190 is a critical memory corruption issue in FFmpeg's HTTP handling code. According to NVD, a remote web server can trigger a heap-based buffer overflow in libavformat/http.c by sending a negative chunk size in an HTTP response. The issue was publicly disclosed on 2017-02-09, with vendor and mailing-list references indicating patch and advisory activity around that time.
CVE-2016-6920 is a heap-based buffer overflow in FFmpeg’s EXR decoder path. The issue affects FFmpeg versions before 3.1.3 and can be triggered remotely through inputs involving tile positions, leading to an application crash and denial of service. NVD assigns a HIGH severity score (CVSS 3.0: 7.5) and classifies the weakness as CWE-119.
CVE-2016-6164 is a critical FFmpeg issue in the MOV demuxing path. The flaw is an integer overflow in mov_build_index within libavformat/mov.c, reachable while processing sample size-related data in media files. NVD rates the issue as network-exploitable with no privileges or user interaction required, and assigns high confidentiality, integrity, and availability impact. Affected versions are identified a [truncated]