Lucene search

TalosCVE-2016-8710

HistoryJan 26, 2017 - 9:59 p.m.

CVE-2016-8710

2017-01-2621:59:00

CWE-787

talos

web.nvd.nist.gov

cve-2016-8710

exploit

heap write

vulnerability

libbpg

bpg images

decoding

remote code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.2%

JSON

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.

Affected configurations

Nvd

Vulners

Node

libbpg_projectlibbpgMatch0.9.4

libbpg_projectlibbpgMatch0.9.7

VendorProductVersionCPE
libbpg_projectlibbpg0.9.4cpe:2.3:a:libbpg_project:libbpg:0.9.4:*:*:*:*:*:*:*
libbpg_projectlibbpg0.9.7cpe:2.3:a:libbpg_project:libbpg:0.9.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libbpg_project	libbpg	0.9.4	cpe:2.3:a:libbpg_project:libbpg:0.9.4:::::::*
libbpg_project	libbpg	0.9.7	cpe:2.3:a:libbpg_project:libbpg:0.9.7:::::::*

CNA Affected

[
  {
    "product": "Libbpg",
    "vendor": "Libbpg",
    "versions": [
      {
        "status": "affected",
        "version": "0.9.4"
      },
      {
        "status": "affected",
        "version": "0.9.7"
      }
    ]
  }
]