PatchSiren cyber security CVE debrief

CVE-2016-9821 Libav CVE debrief

CVE-2016-9821 is a medium-severity denial-of-service issue in libav 11.8. NVD describes an integer overflow in libavcodec/mpegvideo_parser.c that can be triggered by a crafted file and result in a crash. The record is published as a CVSS 3.0 issue with high availability impact and no confidentiality or integrity impact.

Vendor: Libav
Product: CVE-2016-9821
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-01
Original CVE updated: 2026-05-13
Advisory published: 2017-03-01
Advisory updated: 2026-05-13

Who should care

Teams that build, package, or operate software using libav or libavcodec should review this CVE, especially media-processing services that accept untrusted files. Security and patch management teams should prioritize it for any environment still running libav 11.8 or derived packages with the same parser code.

Technical summary

NVD maps CVE-2016-9821 to CWE-190 (integer overflow) in libavcodec/mpegvideo_parser.c and marks libav 11.8 as the affected product version. The reported outcome is a crash (denial of service) when the parser handles a crafted file. The CVSS vector in NVD is CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (local attack vector, low complexity, no privileges required, user interaction required, scope unchanged, high availability impact only), so user interaction is required even though the description frames the trigger as an attacker-supplied crafted file.

Defensive priority

Medium. Treat as higher priority if libav is exposed to untrusted media uploads or automated file ingestion, because the primary impact is service availability.

Recommended defensive actions

  • Inventory systems using libav 11.8 or downstream packages that include the same parser code.
  • Apply the vendor or distribution security update that addresses CVE-2016-9821; if no patched package is available, replace or remove the affected libav build.
  • Restrict processing of untrusted media files to isolated services or sandboxes to reduce crash blast radius.
  • Monitor for repeated parser crashes, core dumps, and other instability in media ingestion workflows.
  • If you rely on a downstream distribution, check its security advisory for package-specific remediation guidance (for example, Debian DSA-3833 is listed in the source references).
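The monitoring action above (watch for repeated parser crashes and core dumps in media ingestion) is the one that catches exposure before a patch is in place, so here is an added example of that detection logic; it is not PatchSiren's or libav's code. It parses syslog-style kernel segfault reports and systemd-coredump notices, counts unique crashes per process name in a sliding time window, and raises one alert per burst. The log lines, host name and process name (transcode-worker) are constructed for the example, and the year is supplied as a parameter because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): kernel segfault reports and
# systemd-coredump notices for a hypothetical media worker, in time order.
SAMPLE_LOG = """\
Mar 01 10:00:01 media-01 kernel: transcode-worker[4102]: segfault at 0 ip 00007f3a1c0b2e10 sp 00007ffd2b1c0a40 error 4 in libavcodec.so.56.1.0[7f3a1bf00000+1200000]
Mar 01 10:00:02 media-01 systemd-coredump[4110]: Process 4102 (transcode-worker) of user 998 dumped core.
Mar 01 10:00:45 media-01 kernel: transcode-worker[4133]: segfault at 8 ip 00007f3a1c0b2e10 sp 00007ffd2b1c0a40 error 4 in libavcodec.so.56.1.0[7f3a1bf00000+1200000]
Mar 01 10:01:10 media-01 systemd-coredump[4140]: Process 4133 (transcode-worker) of user 998 dumped core.
Mar 01 10:02:30 media-01 kernel: transcode-worker[4160]: segfault at 10 ip 00007f3a1c0b2e10 sp 00007ffd2b1c0a40 error 4 in libavcodec.so.56.1.0[7f3a1bf00000+1200000]
Mar 01 11:30:00 media-01 kernel: unrelated-app[5001]: segfault at 0 ip 00007f11aa000000 sp 00007ffc00000000 error 4 in libc.so.6[7f11a9e00000+1c0000]
Mar 01 12:00:00 media-01 sshd[600]: Accepted publickey for ops from 10.0.0.5
"""

SEGFAULT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?P<proc>\S+?)\[(?P<pid>\d+)\]: segfault at \S+ .*? in (?P<module>[^\[\s]+)\["
)
COREDUMP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ systemd-coredump\[\d+\]: "
    r"Process (?P<pid>\d+) \((?P<proc>\S+)\) of user \d+ dumped core"
)


def parse_crash_event(line, year):
    """Return (timestamp, process, pid, module or None) for a crash line, else None."""
    for rx in (SEGFAULT_RE, COREDUMP_RE):
        m = rx.match(line)
        if m:
            ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
            return ts, m.group("proc"), int(m.group("pid")), m.groupdict().get("module")
    return None


def detect_crash_bursts(lines, year=2017, window=timedelta(minutes=5), threshold=3):
    """Alert when one process name crashes `threshold` times within `window`.

    A kernel segfault report and the systemd-coredump notice for the same pid
    are counted as one crash. Lines are assumed to be in chronological order.
    One alert is emitted per burst, when the count first reaches the threshold.
    """
    recent = defaultdict(deque)    # process -> deque of (ts, pid, module)
    seen_pids = defaultdict(set)   # process -> pids already counted
    alerting = set()               # processes whose current burst was reported
    alerts = []
    for line in lines:
        ev = parse_crash_event(line, year)
        if ev is None:
            continue
        ts, proc, pid, module = ev
        q = recent[proc]
        if pid in seen_pids[proc]:
            # Second record for an already-counted crash; keep module info if new.
            for i, (t, p, mod) in enumerate(q):
                if p == pid and mod is None and module:
                    q[i] = (t, p, module)
            continue
        seen_pids[proc].add(pid)
        q.append((ts, pid, module))
        while q and ts - q[0][0] > window:   # drop crashes outside the window
            q.popleft()
        if len(q) >= threshold:
            if proc not in alerting:
                alerting.add(proc)
                alerts.append({
                    "process": proc,
                    "count": len(q),
                    "first": q[0][0],
                    "last": ts,
                    "modules": sorted({m for _, _, m in q if m}),
                })
        else:
            alerting.discard(proc)
    return alerts


if __name__ == "__main__":
    for a in detect_crash_bursts(SAMPLE_LOG.splitlines()):
        print("%(process)s crashed %(count)d times between %(first)s and %(last)s "
              "(faulting modules: %(modules)s)" % a)
```

The faulting-module field is what makes an alert actionable here: a burst of crashes inside the libavcodec shared object on a host that ingests untrusted media is exactly the signal the inventory and isolation steps above are meant to address, whereas a single segfault in an unrelated process stays below the threshold.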

Evidence notes

This debrief is based only on the supplied NVD record and its listed references. The NVD entry was published on 2017-03-01 and last modified on 2026-05-13. It identifies libav 11.8 as the vulnerable CPE, classifies the issue as CWE-190, and assigns CVSS 3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The description states that a crafted file can cause a crash. The source references include Debian DSA-3833, SecurityFocus BID 94732, and a Gentoo blog post about libav crashes.

Official resources

Public CVE record published by NVD on 2017-03-01 and last modified on 2026-05-13. No CISA KEV listing was provided in the supplied data.