---

CVE-2016-5199 - log back

CVE-2016-5199 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ FFMPEG MP4 decoder contains an off-by-one error resulting in an allocation of size 0, followed by corrupting an arbitrary number of pointers out of bounds on the heap, where each is pointing to controllable or uninitialized data. A remote attacker can potentially use this flaw to exploit heap corruption via a crafted video file.
References	+ https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html + https://bugs.chromium.org/p/chromium/issues/detail?id=643948
Notes