VDB
CVE-2016-7499
CVE-2016-7499
PUBLISHED
The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
EPSS 0.54% · 68.1th percentile
Risk Scores
EPSS Score
0.54%
68.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | libav | 0, 6:0.8.7-1ubuntu2, 6:9.10-1ubuntu1 |
Exploit Intelligence
- 93102 (circl)
- [oss-security] 20160921 Re: libav: divide-by-zero in sbr_make_f_master (aacsbr.c) (circl)
- https://git.libav.org/?p=libav.git%3Ba=blobdiff%3Bf=libavcodec/aacsbr.c%3Bh=7d156e525b40b197c38db17acf16730845b91e56%3Bhp=dbfb1677813ce6c531e4362d0be7ccf9fdfdd28e%3Bhb=a50a5ff29ec5a8243499769e2bb9b5509ce9fd52%3Bhpb=f55e3ff5891daf3d538b4d9176371960200d68fa (circl)
- https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/ (circl)
Timeline
- Feb 15, 2017 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-7499 third-party-advisory
- https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/ third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/09/21/7 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-7499 third-party-advisory