PatchSiren cyber security CVE debrief
CVE-2016-9819 Libav CVE debrief
CVE-2016-9819 is a denial-of-service issue in libav 11.8 affecting libavcodec/mpegvideo.c. The supplied sources describe a crash triggered by undefined behavior involving a left shift of a negative value. For defenders, the main concern is availability: affected media-processing or playback paths may crash when handling untrusted input. The issue is rated Medium by CVSS 3.0 in the supplied NVD record.
- Vendor: Libav
- Product: CVE-2016-9819
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-03-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-03-01
- Advisory updated: 2026-05-13
Who should care
Operators and maintainers of systems that use libav 11.8, especially applications or services that process untrusted media files; desktop software bundling libav; and distro/package maintainers responsible for patched builds.
Technical summary
The NVD record maps this issue to libav 11.8 and CWE-189 (numeric errors). The vulnerability is described as a crash in libavcodec/mpegvideo.c caused by left shifting a negative value. The supplied NVD CVSS vector is CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating availability impact with user interaction required. The supplied CVE description also frames the issue as remotely triggerable, so defenders should treat the exact attack path as dependent on how the vulnerable code is exposed in a given deployment.
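The following C example is added here for illustration and is not libav's code. It shows the safe counterpart of the `value << shift` pattern the record describes: because a left shift of a negative (or overflowing) signed int is undefined behaviour in C, the helper computes the product in 64-bit arithmetic and range-checks it, so a decoder could reject a bad field instead of crashing. The names safe_shl_int, shl_fits and shl_value and the sample values are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not libav code. In C, `v << n` is undefined when v is
 * negative, when n >= the width of int, or when v * 2^n does not fit in int.
 * The product in 64-bit arithmetic is fully defined for every int v and every
 * n < 32 (|result| <= 2^62), so it can be range-checked and the caller can
 * reject a malformed sample instead of hitting undefined behaviour. */
bool safe_shl_int(int v, unsigned n, int *out)
{
    if (n >= 32)
        return false;                               /* shift count >= width */
    int64_t r = (int64_t)v * ((int64_t)1 << n);     /* cannot overflow int64 */
    if (r < INT_MIN || r > INT_MAX)
        return false;                               /* would not fit in int */
    *out = (int)r;
    return true;
}

/* Query wrapper: does v * 2^n fit in int? */
bool shl_fits(int v, unsigned n)
{
    int tmp;
    return safe_shl_int(v, n, &tmp);
}

/* Returns the shifted value, or 0 when it does not fit (check shl_fits first). */
int shl_value(int v, unsigned n)
{
    int tmp = 0;
    (void)safe_shl_int(v, n, &tmp);
    return tmp;
}

int main(void)
{
    /* Constructed (value, shift) pairs standing in for fields read from an
     * untrusted stream; negative values are included on purpose. */
    struct { int v; unsigned n; } samples[] = {
        { 3, 4 }, { -5, 3 }, { -1, 31 }, { -2, 31 }, { INT_MAX, 1 }, { 1, 32 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int out;
        if (safe_shl_int(samples[i].v, samples[i].n, &out))
            printf("%d << %u = %d\n", samples[i].v, samples[i].n, out);
        else
            printf("%d << %u rejected: out of range\n", samples[i].v, samples[i].n);
    }
    return 0;
}
```

Building test suites with `-fsanitize=undefined` (gcc/clang) makes the unchecked `v << n` form report the negative-shift case at test time rather than failing silently in production.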
Defensive priority
Medium. Prioritize remediation where libav 11.8 is exposed to untrusted media inputs or embedded in user-facing applications, because the practical impact is crash/denial of service rather than code execution.
Recommended defensive actions
- Upgrade libav to a vendor- or distribution-fixed release that includes the correction for CVE-2016-9819.
- Inventory systems and applications that ship or link against libav 11.8, including transcoders, players, and libraries embedded in larger products.
- Reduce exposure to untrusted media files until patched, especially in workflows where crashes could interrupt service.
- Use sandboxing or process isolation for media parsing and decoding tasks to limit the blast radius of a crash.
- Monitor crash logs and telemetry for libavcodec/mpegvideo.c failures and treat repeated crashes as a sign of vulnerable processing paths.
- If you maintain a package or image, backport the fix into the shipped build and document the remediation in release notes.
Evidence notes
The supplied NVD record identifies libav 11.8 as vulnerable, classifies the weakness as CWE-189, and provides the CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The CVE description in the supplied corpus says the flaw in libavcodec/mpegvideo.c can let remote attackers cause a denial of service via left shifting a negative value. A third-party Gentoo advisory is also referenced in the source corpus, which supports the crash-oriented nature of the issue.
Official resources
- CVE-2016-9819 CVE record (CVE.org)
- CVE-2016-9819 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference
- Mitigation or vendor reference: [email protected] - Exploit, Third Party Advisory
CVE-2016-9819 was published on 2017-03-01T15:59:00.430Z in the supplied record. The supplied corpus was last modified on 2026-05-13T00:24:29.033Z. No KEV entry is listed in the provided data.