PT-2017-13689 · FFmpeg+1 · Libbpg+2
Leonzhao7 · Published 2017-09-27 · Updated 2019-03-15 · CVE-2017-14796
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
libbpg version 0.9.7
Description
The issue is in the hevc_write_frame function in libbpg.c, which allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have other unspecified impacts via a crafted BPG file. It stems from improper interaction with the copy_CTB_to_hv and sao_filter_CTB functions in hevc_filter.c in libavcodec in FFmpeg.
Recommendations
For libbpg version 0.9.7, update to a newer version that addresses the issue in the hevc_write_frame function to prevent potential denial of service or other impacts from crafted BPG files.
Exploit
Fix
DoS
Integer Underflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Libavcodec
Libbpg