Libbpg Security Vulnerabilities and Issues — Libbpg CVE List

Libbpg ProjectLibbpg

10 matches found

CVE•added 2017/01/26 9:0 p.m.•56 views

CVE-2016-8710

CVE-2016-8710 is a heap-write-out-of-bounds vulnerability in Libbpg’s BPG image decoding. The issue arises in the HEVC decoding path (restore_tqb_pixels) due to an integer underflow that allows out-of-bounds writes to heap memory, potentially enabling remote code execution when processing a craft...

7.8CVSS7.8AI score0.00416EPSS

CVE•added 2017/11/16 4:0 a.m.•53 views

CVE-2017-14034

The CVE-2017-14034 vulnerability affects libavcodec (used in Libbpg 0.9.7 and related products), specifically the restore_tqb_pixels function in hevc_filter.c. It miscalculates a memcpy destination address, enabling a heap-based buffer over-read that can crash the application (denial of service) ...

8.8CVSS9AI score0.00521EPSS

CVE•added 2017/09/27 5:0 p.m.•48 views

CVE-2017-14795

The CVE-2017-14795 issue affects Libbpg 0.9.7, specifically the hevc_write_frame function in libbpg.c, with a vulnerability in decoding BPG images that can cause an out-of-bounds access. Connected sources describe a heap/write out-of-bounds condition in decoding and indicate potential denial of s...

8.8CVSS8.8AI score0.00521EPSS

CVE•added 2017/11/16 4:0 a.m.•47 views

CVE-2017-13136

The CVE-2017-13136 issue affects the libbpg 0.9.7 image encoder (bpgenc.c) where an integer overflow in image_alloc allows an invalid malloc and NULL pointer dereference. Public records (NVD/CNVD/CVE records) describe a potential denial of service via memory corruption/backreference and related h...

8.8CVSS8.6AI score0.00491EPSS

CVE•added 2017/09/25 9:0 p.m.•47 views

CVE-2017-14734

The CVE-2017-14734 entry affects the Libbpg library (libbpg.c, build_msps) in version 0.9.7. A crafted BPG image can trigger a heap-based buffer overflow during decoding, as mentioned in relation to hevc_decode_init1, leading to denial of service or potentially other impact. Several sources (NVD,...

8.8CVSS9.1AI score0.01674EPSS

CVE•added 2016/07/15 6:0 p.m.•45 views

CVE-2016-5637

CVE-2016-5637 affects the libbpg library (versions 0.9.5–0.9.7). The root cause is improper handling of the transquant_bypass_enable_flag in the function restore_tqb_pixels, enabling a crafted BPG image to trigger an out-of-bounds write. This can lead to remote arbitrary code execution or denial ...

8.8CVSS8.8AI score0.0061EPSS

CVE•added 2017/09/27 5:0 p.m.•44 views

CVE-2017-14796

The CVE-2017-14796 vulnerability affects libbpg 0.9.7, specifically the hevc_write_frame path in libbpg.c. The issue is a denial of service via an integer underflow when processing crafted BPG images, with related interaction in copy_CTB_to_hv (hevc_filter.c) and sao_filter_CTB (hevc_filter.c) in...

8.8CVSS8.8AI score0.00606EPSS

CVE•added 2018/08/22 9:0 p.m.•44 views

CVE-2017-2575

CVE-2017-2575 affects the libbpg 0.9.7 BPG encoder. The issue is a NULL pointer dereference caused by a missing check of the return value from malloc during conversion of a malicious JPEG file to BPG. This is a code-path vulnerability in the encoder that can lead to a crash when parsing crafted i...

6.5CVSS6.4AI score0.00556EPSS

CVE•added 2017/11/16 4:0 a.m.•42 views

CVE-2017-13135

CVE-2017-13135 : A NULL pointer dereference in VideoLAN x265 (used in libbpg 0.9.7 and other products) arises because CUData::initialize in common/cudata.cpp mishandles memory-allocation failure. The issue can cause a crash, treated as a denial of service in related advisories. Multiple sources (...

7.8CVSS7.5AI score0.00295EPSS

CVE•added 2018/06/15 1:0 p.m.•33 views

CVE-2018-12447

The CVE-2018-12447 vulnerability affects libbpg (and libavcodec) via the restore_tqb_pixels function in hevc_filter.c, where an integer overflow can cause a heap-based buffer overflow and remote code execution. Affected stack includes libbpg 0.9.8 and related products; exact vulnerable lines are ...

8.8CVSS9.1AI score0.01343EPSS