CVE-2016-8675

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-8675
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8675.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-8675
Downstream
Published
2017-02-15T21:59:00.357Z
Modified
2026-04-11T05:00:59.137751Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The getvlc2 function in getbits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection.

References

Affected packages

Git / github.com/libav/libav

Affected ranges

Type
GIT
Repo
https://github.com/libav/libav
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3c3a0a06804e901cb9d6d94784a4ec8ecb8fe9e2
Fixed
e5b019725f53b79159931d3a7317107cbbfd0860
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.8"
        }
    ]
}

Affected versions

dev14.*
dev14.2
v0.*
v0.7
v0.7b1
v0.7b2
v0.7rc1
v0.8
v0.8b1
v0.8b2
Other
v10_alpha1
v10_alpha2
v10_beta1
v11
v11_alpha1
v11_alpha2
v11_beta1
v11_dev0
v12_dev0
v9
v9_beta1
v9_beta2
v9_beta3
v11.*
v11.1
v11.2
v11.3
v11.4
v11.5
v11.6
v11.7
v11.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8675.json"
vanir_signatures_modified 
"2026-04-11T05:00:59Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "321142693121010581418646289099016438489",
                "239633447114481679835775621707483041135",
                "11291889930034608089616714022836546254",
                "99106633299237376193173656402539085251",
                "336722905847517177462785648080400559155",
                "13778668871422286883308215251849905423",
                "241465393658360743125963036776765630424",
                "296174214188742991122586453178002203646",
                "83486387580032572371839461737775151824",
                "285141421795515565073026816415658987073",
                "129088873199073268276711779281431234541",
                "224930657538715393918074217486063946203"
            ]
        },
        "id": "CVE-2016-8675-3b92c3ec",
        "deprecated": false,
        "target": {
            "file": "libavformat/m4vdec.c"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860",
        "digest": {
            "function_hash": "187451337293397042913815863985845387980",
            "length": 636.0
        },
        "id": "CVE-2016-8675-ba51d928",
        "deprecated": false,
        "target": {
            "file": "libavformat/m4vdec.c",
            "function": "mpeg4video_probe"
        }
    }
]