CVE-2016-8675

Name of the Vulnerable Software and Affected Versions Libav versions prior to 11.9

Description The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This can be achieved by providing a crafted mp3 file, possibly related to startcode sequences during m4v detection.

Recommendations For versions prior to 11.9, update to version 11.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the get vlc2 function in get bits.h until a patch is available. Restrict access to crafted mp3 files to minimize the risk of exploitation.