CVE-2017-8906

2017-05-11T20:29:00
ID CVE-2017-8906
Type cve
Reporter cve@mitre.org
Modified 2020-09-02T19:12:00

Description

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.