PT-2017-9197 · Libav · Libav
Agostino Sarubbo
·
Published
2017-02-15
·
Updated
2017-02-17
·
CVE-2016-7477
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Libav version 11.7
Description
The issue allows remote attackers to cause a denial of service, resulting in invalid memory access and a crash, via a crafted mp3 file. This is due to a problem in the ff put pixels8 xy2 mmx function in rnd template.c.
Recommendations
For Libav version 11.7, consider applying a patch or fix that addresses the issue in the ff put pixels8 xy2 mmx function to prevent denial of service attacks.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libav