CVE-2018-12447

2018-06-1513:00:00

mitre

www.cve.org

AI Score

9.2

Confidence

High

EPSS

0.024

Percentile

90.1%

JSON

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.

References

drive.google.com/open?id=1J3hTt8XHz7u7QDSNYxEuwFZTO6Baggl0

github.com/ebel34/bpg-web-encoder/issues/2