ALPINE-CVE-2016-10191

ALPINE-CVE-2016-10191 PUBLISHED CVSS 9.800000190734863 CRITICAL

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

Risk Scores

CVSS 3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.3	ffmpeg	0, 0.10-r0, 0.10-r1
Alpine:v3.4	ffmpeg	2.0.2-r0, 2.1-r0, 2.1.1-r0

Exploit Intelligence

Created Research Report to HeapOver flow that CVE 2016-10191 (github-poc-repo)

Timeline

Feb 9, 2017 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2016-10191 advisory

Open in Interactive Console →