CVE-2016-6832

low-risk
Published 2017-02-15

Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Libav

References (10)

Exploit http://www.openwall.com/lists/oss-security/2016/08/13/1
Exploit http://www.openwall.com/lists/oss-security/2016/08/18/1
Exploit https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_a...
Exploit https://bugzilla.libav.org/show_bug.cgi?id=825
https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=0ac8ff618c5e6d878c547a8877e714...
Exploit http://www.openwall.com/lists/oss-security/2016/08/13/1
Exploit http://www.openwall.com/lists/oss-security/2016/08/18/1
Exploit https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_a...
Exploit https://bugzilla.libav.org/show_bug.cgi?id=825
https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=0ac8ff618c5e6d878c547a8877e714...
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal