CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
55.0%
libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a
denial of service (crash) via a crafted file.
Author | Note |
---|---|
ebarretto | as of 2018-09-28, no upstream fix |
blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
launchpad.net/bugs/cve/CVE-2016-9823
nvd.nist.gov/vuln/detail/CVE-2016-9823
security-tracker.debian.org/tracker/CVE-2016-9823
www.cve.org/CVERecord?id=CVE-2016-9823
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
55.0%