MidnightBSD

Advisories for multicorewareinc

CVE-2017-13666 LOW

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.

CVSS 2.0

Severity: LOW

Problem Type: CWE-191

Products Affected

Vendor Product Version
multicorewareinc x265 1.8
multicorewareinc x265 1.7
multicorewareinc x265 2.3
multicorewareinc x265 2.2
multicorewareinc x265 0.7
multicorewareinc x265 2.0
multicorewareinc x265 2.4
multicorewareinc x265 0.1
multicorewareinc x265 1.5
multicorewareinc x265 1.1
multicorewareinc x265 1.4
multicorewareinc x265 1.9
multicorewareinc x265 0.5
multicorewareinc x265 0.8
multicorewareinc x265 1.6
multicorewareinc x265 0.9
multicorewareinc x265 1
multicorewareinc x265 2.5
multicorewareinc x265 0.4
multicorewareinc x265 1.2
multicorewareinc x265 0.3
multicorewareinc x265 0.6
multicorewareinc x265 0.2
multicorewareinc x265 0.4.1
multicorewareinc x265 1.3
multicorewareinc x265 2.1

CVE-2017-8906 MEDIUM

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191

Products Affected

Vendor Product Version
multicorewareinc x265_high_efficiency_video_coding *