Vulnerabilities > Libbpg Project

DATE CVE VULNERABILITY TITLE RISK
2018-08-22 CVE-2017-2575 NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7
A vulnerability was found while fuzzing libbpg 0.9.7.
network
low complexity
libbpg-project CWE-476
6.5
2018-06-15 CVE-2018-12447 Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.8
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
network
low complexity
libbpg-project CWE-190
8.8
2017-11-16 CVE-2017-14034 Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
network
low complexity
libbpg-project CWE-125
8.8
2017-11-16 CVE-2017-13136 Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.7
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.
network
low complexity
libbpg-project CWE-190
8.8
2017-11-16 CVE-2017-13135 NULL Pointer Dereference vulnerability in Libbpg Project Libbpg 0.9.7
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.
local
low complexity
libbpg-project CWE-476
7.8
2017-09-28 CVE-2017-14796 Integer Underflow (Wrap or Wraparound) vulnerability in Libbpg Project Libbpg 0.9.7
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.
network
low complexity
libbpg-project CWE-191
8.8
2017-09-28 CVE-2017-14795 Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.
network
low complexity
libbpg-project CWE-125
8.8
2017-09-25 CVE-2017-14734 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libbpg Project Libbpg 0.9.7
The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.
network
low complexity
libbpg-project CWE-119
8.8
2017-01-26 CVE-2016-8710 Out-of-bounds Write vulnerability in Libbpg Project Libbpg 0.9.4/0.9.7
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library.
local
low complexity
libbpg-project CWE-787
7.8
2016-07-15 CVE-2016-5637 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libbpg Project Libbpg 0.9.5/0.9.6/0.9.7
The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion" issue.
network
low complexity
libbpg-project CWE-119
8.8