MidnightBSD

Advisories for libbpg_project

CVE-2016-5637 MEDIUM

The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libbpg_project libbpg *
CVE-2016-8710 MEDIUM

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.4
libbpg_project libbpg 0.9.7
CVE-2017-13135 MEDIUM

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.7
CVE-2017-13136 MEDIUM

The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.7
CVE-2017-14034 MEDIUM

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.7
CVE-2017-14734 MEDIUM

The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.7
CVE-2017-14795 MEDIUM

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.7
CVE-2017-14796 MEDIUM

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.7
CVE-2017-2575 MEDIUM

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-476,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.7
CVE-2018-12447 MEDIUM

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
libbpg_project libbpg 0.9.8