CVE-2016-6671
Publication date 23 December 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.
Status
Package | Ubuntu Release | Status |
---|---|---|
ffmpeg | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
Notes
ebarretto
Fix was released in 3.1.2 version. Xenial has an older version of ffmpeg and the memcpy that would give an overflow is not present in the code.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |