PT-2017-13688 · FFmpeg+1 · Libbpg+2
Leonzhao7 · Published 2017-09-27 · Updated 2019-03-15
CVE-2017-14795
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
libbpg version 0.9.7
Description
The issue is related to the hevc_write_frame function in libbpg.c, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have other unspecified impact via a crafted BPG file. This is due to improper interaction with hls_pcm_sample in hevc.c and put_pcm_var in hevcdsp_template.c, both in libavcodec in FFmpeg.
Recommendations
For libbpg version 0.9.7, consider avoiding use of the hevc_write_frame function until a patch is available. As a temporary workaround, restrict the handling of untrusted (potentially crafted) BPG files to minimize the risk of exploitation.
Exploit
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Libavcodec
Libbpg