CVE-2016-7424
- Source
- https://cve.org/CVERecord?id=CVE-2016-7424
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7424.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-7424
- Downstream
- Published
- 2016-10-07T14:59:09.177Z
- Modified
- 2025-11-20T10:31:26.282774Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The putnorndpixels8xy2mmx function in x86/rndtemplate.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
- References
-
- http://www.securityfocus.com/bid/93038
- https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=136f55207521f0b03194ef5b55ba70f1635d6aee
- http://www.debian.org/security/2016/dsa-3685
- http://www.openwall.com/lists/oss-security/2016/09/16/17
- http://www.openwall.com/lists/oss-security/2016/09/17/1
- http://www.openwall.com/lists/oss-security/2016/09/17/4
- https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/
- https://bugzilla.libav.org/show_bug.cgi?id=962
Affected packages
Git / github.com/libav/libav
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libav/libav
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected