The putnorndpixels8xy2mmx function in x86/rndtemplate.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7424.json"