libbpg
by Libbpg
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12447 | Hig | 0.58 | 8.8 | 0.04 | Jun 15, 2018 | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. | ||
| CVE-2017-14034 | Hig | 0.57 | 8.8 | 0.02 | Nov 16, 2017 | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have… | ||
| CVE-2017-13136 | Hig | 0.57 | 8.8 | 0.01 | Nov 16, 2017 | The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. | ||
| CVE-2017-14796 | Hig | 0.57 | 8.8 | 0.02 | Sep 28, 2017 | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in… | ||
| CVE-2017-14795 | Hig | 0.57 | 8.8 | 0.01 | Sep 28, 2017 | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in… | ||
| CVE-2017-14734 | Hig | 0.57 | 8.8 | 0.02 | Sep 25, 2017 | The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. | ||
| CVE-2017-13135 | Hig | 0.51 | 7.8 | 0.01 | Nov 16, 2017 | A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. | ||
| CVE-2016-8710 | Hig | 0.51 | 7.8 | 0.03 | Jan 26, 2017 | An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This… |
- risk 0.58cvss 8.8epss 0.04
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
- risk 0.57cvss 8.8epss 0.02
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have…
- risk 0.57cvss 8.8epss 0.01
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.
- risk 0.57cvss 8.8epss 0.02
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in…
- risk 0.57cvss 8.8epss 0.01
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in…
- risk 0.57cvss 8.8epss 0.02
The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.
- risk 0.51cvss 7.8epss 0.01
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.
- risk 0.51cvss 7.8epss 0.03
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This…