CVE-2017-14034

Name of the Vulnerable Software and Affected Versions libbpg version 0.9.7

Description The issue is related to the restore tqb pixels function in hevc filter.c within libavcodec, which is used in libbpg and other products. This function miscalculates a memcpy destination address, allowing remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash. It may also have other unspecified impacts.

Recommendations For libbpg version 0.9.7, consider applying a patch that corrects the restore tqb pixels function's calculation of the memcpy destination address to prevent the buffer over-read and potential crashes. As a temporary workaround, restrict the use of the restore tqb pixels function until a patch is available.