Arch Linux: Arbitrary code execution (CVE-2016-5199)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jan 19, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Description
The FFmpeg MP4 decoder contains an off-by-one error that results in an allocation of size 0, followed by corruption of an arbitrary number of pointers out of bounds on the heap, each of which points to controllable or uninitialized data. A remote attacker can potentially use this flaw to exploit heap corruption via a crafted video file.
Solution
arch-linux-upgrade-latest
References
- CVE-2016-5199
- https://attackerkb.com/topics/CVE-2016-5199
- http://rhn.redhat.com/errata/RHSA-2016-2718.html
- http://www.securityfocus.com/bid/94196
- http://www.securitytracker.com/id/1037273
- https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
- https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0
- https://crbug.com/643948
- https://security.archlinux.org/ASA-201702-2
- https://security.gentoo.org/glsa/201611-16
- CWE-119