CVE-2016-7477 - The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause

CVE-2016-7477

Summary

The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference.

References

http://www.openwall.com/lists/oss-security/2016/09/21/6
http://www.securityfocus.com/bid/93042
https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/

Vulnerable Configurations

cpe:2.3:a:libav:libav:11.7:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:11.7:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 17-02-2017 - 14:37)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	93042
misc	https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
mlist	[oss-security] 20160921 Re: libav: NULL pointer dereference in ff_put_pixels8_xy2_mmx (rnd_template.c)

Last major update

17-02-2017 - 14:37

Published

15-02-2017 - 21:59

Last modified

17-02-2017 - 14:37