VYPR

Libbpg

by Libbpg Project

CVEs (8)

  • CVE-2017-14034 | High | Nov 16, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have…

  • CVE-2017-13136 | High | Nov 16, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.

  • CVE-2017-14796 | High | Sep 28, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in…

  • CVE-2017-14795 | High | Sep 28, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in…

  • CVE-2017-14734 | High | Sep 25, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.

  • CVE-2016-5637 | High | Jul 15, 2016
    risk 0.57 | cvss 8.8 | epss 0.03

    The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion"…

  • CVE-2017-13135 | High | Nov 16, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.

  • CVE-2016-8710 | High | Jan 26, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This…