PT-2018-11180 · Facebook+1 · Libbpg+1

Ghost

Published

2018-06-15

Updated

2020-08-24

CVE-2018-12447

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libbpg version 0.9.8

Description The issue is related to an integer overflow in the restore tqb pixels function, located in the hevc filter.c file of libavcodec, which can lead to a heap-based buffer overflow and potentially allow remote code execution.

Recommendations For libbpg version 0.9.8, consider applying a patch that fixes the integer overflow in the restore tqb pixels function to prevent heap-based buffer overflow and remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-787

Related Identifiers

CVE-2018-12447

Affected Products

Libavcodec

Libbpg

PT-2018-11180 · Facebook+1 · Libbpg+1

CVE-2018-12447

Weakness Enumeration

Related Identifiers

Affected Products

References · 4