CVE-2016-5199 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
FFMPEG MP4 decoder contains an off-by-one error resulting in an allocation of size 0, followed by corrupting an arbitrary number of pointers out of bounds on the heap, where each is pointing to controllable or uninitialized data. A remote attacker can potentially use this flaw to exploit heap corruption via a crafted video file.
Group Package Affected Fixed Severity Status Ticket
AVG-162 qt5-webengine 5.7.1-1 5.8.0-1 High Fixed
Date Advisory Group Package Severity Description
02 Feb 2017 ASA-201702-2 AVG-162 qt5-webengine High multiple issues
References
https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html
https://bugs.chromium.org/p/chromium/issues/detail?id=643948