Vulnerabilities > CVE-2017-14796 - Integer Underflow (Wrap or Wraparound) vulnerability in Libbpg Project Libbpg 0.9.7

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

libbpg-project

CWE-191

NVD

Published: 2017-09-28

Updated: 2017-09-30

Summary

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.

Vulnerable Configurations

Part	Description	Count
Application	Libbpg_Project Libbpg Project Libbpg 0.9.7	1

Common Weakness Enumeration (CWE)

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md