Liu Bingchang

#9883of 53,633
27.9Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2017-14587
9.8
2017-11-21
FFmpeg · Ffmpeg · CVE-2017-16840
**Name of the Vulnerable Software and Affected Versions** FFmpeg versions 3.0 through 3.4 **Description** The issue is related to the VC-2 Video Compression encoder, which allows remote attackers to cause a denial of service due to an out-of-bounds read. This occurs because of incorrect buffer padding for non-Haar wavelets, specifically in the files libavcodec/vc2enc.c and libavcodec/vc2enc dwt.c. **Recommendations** For FFmpeg versions 3.0 through 3.4, consider updating to a version that addresses the incorrect buffer padding issue for non-Haar wavelets in the VC-2 Video Compression encoder. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2017-1002
6.1
2017-08-23
None · Libexif · CVE-2016-6328
**Name of the Vulnerable Software and Affected Versions** libexif (affected versions not specified) **Description** The issue is related to an integer overflow when parsing the MNOTE entry data of the input file, which can cause Denial-of-Service (DoS) and Information Disclosure. This may allow a remote attacker to access confidential information or cause a service disruption. Additionally, there is a possible out of bounds write due to a missing bounds check in the `mnote pentax entry get value` function, which could lead to remote code execution without requiring additional execution privileges. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-5111
6.5
2017-04-05
Jasper · Jasper · CVE-2016-9600
**Name of the Vulnerable Software and Affected Versions** JasPer versions prior to 2.0.10 **Description** A null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. **Recommendations** For versions prior to 2.0.10, update to version 2.0.10 or later to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted JPEG 2000 image files that could cause the application to crash.
PT-2016-7787
5.5
2016-12-16
Jasper · Jasper · CVE-2016-9591
**Name of the Vulnerable Software and Affected Versions** JasPer versions prior to 2.0.12 **Description** The issue arises from a use-after-free when decoding certain JPEG 2000 image files, which can cause a crash in the application using JasPer. **Recommendations** For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue.