Vulnerabilities > CVE-2017-13135 - NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

libbpg-project

CWE-476

NVD

Published: 2017-11-16

Updated: 2017-12-04

Summary

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.

Vulnerable Configurations

Part	Description	Count
Application	Libbpg_Project Libbpg Project Libbpg 0.9.7	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/ebel34/bpg-web-encoder/issues/1
http://www.securityfocus.com/bid/101929