CVE-2017-14734

Name of the Vulnerable Software and Affected Versions libbpg version 0.9.7

Description The issue allows remote attackers to cause a denial of service, which can result in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This is achieved through a crafted BPG file, specifically related to the hevc decode init1 function in the build msps function in libbpg.c.

Recommendations For libbpg version 0.9.7, consider avoiding the use of crafted BPG files until a patch is available. As a temporary workaround, restricting access to the build msps function in libbpg.c may help minimize the risk of exploitation.