Description
igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions may be vulnerable to denial-of-service attacks across the LAN.
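
The kind of up-front validation the description says was missing, as an added example that is not igmpproxy's code or its fix: a check of an IGMPv3 membership report against the RFC 3376 layout before any field is logged or used. The function name, error codes and sample packets are constructed for illustration, and checksum verification is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IGMP_V3_MEMBERSHIP_REPORT 0x22
#define HDR_LEN 8  /* both the report header and each group record header */
enum { ERR_TRUNCATED = -1, ERR_NOT_REPORT = -2, ERR_RECORD_TYPE = -3, ERR_NOT_MULTICAST = -4 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: returns the number of group records if the whole
 * report is well formed, otherwise a negative ERR_* code. */
int igmpv3_report_validate(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < HDR_LEN)
        return ERR_TRUNCATED;
    if (buf[0] != IGMP_V3_MEMBERSHIP_REPORT)
        return ERR_NOT_REPORT;
    unsigned nrec = be16(buf + 6);          /* Number of Group Records */
    size_t off = HDR_LEN;
    for (unsigned i = 0; i < nrec; i++) {
        if (len - off < HDR_LEN)            /* off <= len holds throughout */
            return ERR_TRUNCATED;
        const uint8_t *rec = buf + off;
        if (rec[0] < 1 || rec[0] > 6)       /* RFC 3376 defines record types 1..6 */
            return ERR_RECORD_TYPE;
        if ((rec[4] & 0xF0) != 0xE0)        /* group must be in 224.0.0.0/4 */
            return ERR_NOT_MULTICAST;
        /* source list (4 bytes each) plus auxiliary data (32-bit words) */
        size_t body = (size_t)be16(rec + 2) * 4 + (size_t)rec[1] * 4;
        if (len - off - HDR_LEN < body)
            return ERR_TRUNCATED;
        off += HDR_LEN + body;
    }
    return (int)nrec;
}

/* Constructed sample reports (checksum bytes left as zero). */
const uint8_t sample_ok[]       = {0x22,0,0,0,0,0,0,1, 4,0,0,0, 239,1,2,3};
const uint8_t sample_bad_type[] = {0x22,0,0,0,0,0,0,1, 9,0,0,0, 239,1,2,3};
/* Claims two sources but carries only one. */
const uint8_t sample_short[]    = {0x22,0,0,0,0,0,0,1, 4,0,0,2, 239,1,2,3, 10,0,0,1};

int main(void)
{
    printf("ok=%d bad_type=%d short=%d\n",
           igmpv3_report_validate(sample_ok, sizeof sample_ok),
           igmpv3_report_validate(sample_bad_type, sizeof sample_bad_type),
           igmpv3_report_validate(sample_short, sizeof sample_short));
    return 0;
}
```

A caller would drop any packet for which the function returns a negative value before passing addresses to logging or group-handling code.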
https://gist.github.com/miora-sora/dac1612d16c45c2aedb8605478adc28f
https://github.com/pali/igmpproxy/issues/97
https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c