CVE-2016-1898

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/01/14/1
http://habrahabr.ru/company/mailru/blog/274855	Exploit
http://www.ubuntu.com/usn/USN-2944-1
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html
http://www.securityfocus.com/bid/80501
https://security.gentoo.org/glsa/201606-09
http://www.debian.org/security/2016/dsa-3506
http://www.securitytracker.com/id/1034932
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036
https://www.kb.cert.org/vuls/id/772447
https://security.gentoo.org/glsa/201705-08

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ffmpeg:ffmpeg:2.8.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.6.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5.9:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.3.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.12:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.11:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.3.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.10:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.6.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8:dev::::::
	cpe:2.3:a:ffmpeg:ffmpeg:2.1.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.1.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.11:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.13:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.12:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.6.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.8.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.9:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.3.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.15:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.6.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.14:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.5.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.1.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.7.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.3.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.3.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.2.9:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.4.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.1.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:2.1.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.7.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.5.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.2.10:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.2.16:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.3.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.6.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.2.7:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.2.5:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.2.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.1.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.5.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.0.7:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.1.6:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.1.7:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:2.0.5:::::::*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Information

Published : 2016-01-14 19:59

Updated : 2018-10-30 09:27

NVD link : CVE-2016-1898

Mitre link : CVE-2016-1898

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

canonical

ubuntu_linux

ffmpeg

ffmpeg

opensuse

leap

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2016/01/14/1", "name": "[oss-security] 20160114 Re: Fwd: FFmpeg: stealing local files with HLS+concat", "tags": [], "refsource": "MLIST"}, {"url": "http://habrahabr.ru/company/mailru/blog/274855", "name": "http://habrahabr.ru/company/mailru/blog/274855", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.ubuntu.com/usn/USN-2944-1", "name": "USN-2944-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html", "name": "openSUSE-SU-2016:0243", "tags": [], "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/80501", "name": "80501", "tags": [], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201606-09", "name": "GLSA-201606-09", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.debian.org/security/2016/dsa-3506", "name": "DSA-3506", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.securitytracker.com/id/1034932", "name": "1034932", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036", "name": "SSA:2016-034-02", "tags": [], "refsource": "SLACKWARE"}, {"url": "https://www.kb.cert.org/vuls/id/772447", "name": "VU#772447", "tags": [], "refsource": "CERT-VN"}, {"url": "https://security.gentoo.org/glsa/201705-08", "name": "GLSA-201705-08", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-1898", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2016-01-15T03:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.8:dev:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-1898

5.5^/10

4.3^/10

Attach tags to `CVE-2016-1898`