CVE-2016-8676

Name of the Vulnerable Software and Affected Versions Libav version 11.9

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and crash, via a crafted mp3 file. This problem exists due to an incomplete fix for a previous issue.

Recommendations For Libav version 11.9, consider avoiding the use of the get vlc2 function in get bits.h until a complete fix is available. As a temporary workaround, restrict the processing of crafted mp3 files to minimize the risk of exploitation.