Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.
{
"cpe": [
"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.8.9"
},
{
"introduced": "3.0"
},
{
"last_affected": "3.0"
},
{
"introduced": "3.0.1"
},
{
"last_affected": "3.0.1"
},
{
"introduced": "3.0.2"
},
{
"last_affected": "3.0.2"
},
{
"introduced": "3.0.3"
},
{
"last_affected": "3.0.3"
},
{
"introduced": "3.0.4"
},
{
"last_affected": "3.0.4"
},
{
"introduced": "3.1"
},
{
"last_affected": "3.1"
},
{
"introduced": "3.1.1"
},
{
"last_affected": "3.1.1"
},
{
"introduced": "3.1.2"
},
{
"last_affected": "3.1.2"
},
{
"introduced": "3.1.3"
},
{
"last_affected": "3.1.3"
},
{
"introduced": "3.1.4"
},
{
"last_affected": "3.1.4"
},
{
"introduced": "3.1.5"
},
{
"last_affected": "3.1.5"
},
{
"introduced": "3.2"
},
{
"last_affected": "3.2"
},
{
"introduced": "3.2.1"
},
{
"last_affected": "3.2.1"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"cpe": [
"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.8.9"
},
{
"introduced": "3.0"
},
{
"last_affected": "3.0"
},
{
"introduced": "3.0.1"
},
{
"last_affected": "3.0.1"
},
{
"introduced": "3.0.2"
},
{
"last_affected": "3.0.2"
},
{
"introduced": "3.0.3"
},
{
"last_affected": "3.0.3"
},
{
"introduced": "3.0.4"
},
{
"last_affected": "3.0.4"
},
{
"introduced": "3.1"
},
{
"last_affected": "3.1"
},
{
"introduced": "3.1.1"
},
{
"last_affected": "3.1.1"
},
{
"introduced": "3.1.2"
},
{
"last_affected": "3.1.2"
},
{
"introduced": "3.1.3"
},
{
"last_affected": "3.1.3"
},
{
"introduced": "3.1.4"
},
{
"last_affected": "3.1.4"
},
{
"introduced": "3.1.5"
},
{
"last_affected": "3.1.5"
},
{
"introduced": "3.2"
},
{
"last_affected": "3.2"
},
{
"introduced": "3.2.1"
},
{
"last_affected": "3.2.1"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}[
{
"digest": {
"function_hash": "92274830764906640701542815214003964729",
"length": 2522.0
},
"target": {
"function": "rtmp_packet_read_one_chunk",
"file": "libavformat/rtmppkt.c"
},
"id": "CVE-2016-10191-03556a4d",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ffmpeg/ffmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"134176712849520932731543160601818351001",
"156785461138689732865857602962900086523",
"57755440124859462484793164720674791879"
]
},
"target": {
"file": "libavformat/rtmppkt.c"
},
"id": "CVE-2016-10191-b1922839",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ffmpeg/ffmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10191.json"
"2026-07-08T12:43:26Z"