PT-2017-13689 · FFmpeg+1 · Libbpg+2

Leonzhao7 · Published 2017-09-27 · Updated 2019-03-15 · CVE-2017-14796

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

libbpg version 0.9.7

Description

The hevc_write_frame function in libbpg.c allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have other unspecified impact via a crafted BPG file. The issue stems from improper interaction with the copy_CTB_to_hv and sao_filter_CTB functions in hevc_filter.c in libavcodec in FFmpeg.

Recommendations

For libbpg version 0.9.7, update to a newer version that addresses the issue in the hevc_write_frame function, to prevent potential denial of service or other impacts from crafted BPG files.

Exploit

Fix

DoS

Integer Underflow


Weakness Enumeration

Related identifiers

ALT-PU-2019-1439
CVE-2017-14796

Affected products

Alt Linux
Libavcodec
Libbpg