CVE-2016-7424: Null Pointer Dereference
First published: Fri Oct 07 2016(Updated: )
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =8.0 | |
| Libav Libav | <=11.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2016/dsa-3685
- http://www.openwall.com/lists/oss-security/2016/09/16/17
- http://www.openwall.com/lists/oss-security/2016/09/17/1
- http://www.openwall.com/lists/oss-security/2016/09/17/4
- http://www.securityfocus.com/bid/93038
- https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/
- https://bugzilla.libav.org/show_bug.cgi?id=962
- https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee
- https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=136f55207521f0b03194ef5b55ba70f1635d6aee
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/libav
- canonical/libav libav
- version/libav libav/11.7