These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-9823 was published on 2017-03-01 and describes a denial-of-service condition in Libav 11.8. According to the CVE record, libavcodec/x86/mpegvideo.c can be crashed by a crafted file. NVD classifies the issue as medium severity and maps it to CWE-119, with the availability impact rated high.
CVE-2016-9822 describes an integer overflow in libavcodec/mpeg12dec.c in libav 11.8. The practical impact reported in the CVE is a denial-of-service condition: a crafted file can crash the affected decoder. NVD classifies the issue as CWE-190 and assigns CVSS 3.0 5.5 (Medium). The NVD vector indicates availability impact with user interaction required.
CVE-2016-9821 is a medium-severity denial-of-service issue in libav 11.8. NVD describes an integer overflow in libavcodec/mpegvideo_parser.c that can be triggered by a crafted file and result in a crash. The record is published as a CVSS 3.0 issue with high availability impact and no confidentiality or integrity impact.
CVE-2016-9820 is a denial-of-service issue in libav 11.8 affecting libavcodec/mpegvideo_motion.c. The flaw is described as a left shift of a negative value, which can trigger a crash during media processing. NVD rates the issue medium severity and maps it to CWE-189 (numeric errors).
CVE-2016-9819 is a denial-of-service issue in libav 11.8 affecting libavcodec/mpegvideo.c. The supplied sources describe a crash triggered by undefined behavior involving a left shift of a negative value. For defenders, the main concern is availability: affected media-processing or playback paths may crash when handling untrusted input. The issue is rated Medium by CVSS 3.0 in the supplied NVD record.
CVE-2016-8676 is a denial-of-service issue in Libav’s get_vlc2 logic that can trigger a NULL pointer dereference and crash when processing a crafted MP3 file. The issue is described as an incomplete fix for CVE-2016-8675, and the NVD record published on 2017-02-15 indicates vulnerable Libav versions up to 11.8.
CVE-2016-8675 is a denial-of-service issue in Libav’s bitstream parsing path. A crafted MP3 file can trigger a NULL pointer dereference in get_vlc2 (in get_bits.h), crashing the process; NVD lists the vulnerable range as Libav through 11.8.
CVE-2016-7499 affects Libav 11.7 and can crash the application when it processes a crafted MP3 file. NVD describes the issue as a divide-by-zero error in sbr_make_f_master within aacsbr.c, resulting in denial of service. The issue was publicly disclosed on 2017-02-15 and is rated medium severity.
CVE-2016-7477 describes a denial-of-service issue in Libav 11.7 affecting ff_put_pixels8_xy2_mmx in rnd_template.c. The CVE description says a crafted MP3 file can trigger invalid memory access and a crash, and the original report initially described it as a NULL pointer dereference. NVD classifies the record as CVSS 3.0 5.5 MEDIUM (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). The supplied record also shows a wo [truncated]
CVE-2016-7393 is a media-parsing flaw in Libav’s AAC handling that can be triggered by a crafted file. The issue is described as a stack-based buffer overflow in aac_sync, and the published impact is denial of service through an out-of-bounds read. NVD lists Libav versions through 11.4 as vulnerable.
CVE-2016-6832 is a heap-based buffer overflow in libav’s ff_audio_resample function (resample.c) that affects libav versions before 11.4. The NVD record says the issue can lead to a denial of service via a crash, and the weakness is classified as CWE-119. This record is dated 2017-02-15, while supporting advisories and the fix discussion in the supplied references date to August 2016. One important nuance [truncated]