2 matches found
CVE-2017-2575
CVE-2017-2575 affects the libbpg 0.9.7 BPG encoder. The issue is a NULL pointer dereference caused by a missing check of the return value from malloc during conversion of a malicious JPEG file to BPG. This is a code-path vulnerability in the encoder that can lead to a crash when parsing crafted i...
CVE-2018-12447
The CVE-2018-12447 vulnerability affects libbpg (and libavcodec) via the restore_tqb_pixels function in hevc_filter.c, where an integer overflow can cause a heap-based buffer overflow and remote code execution. Affected stack includes libbpg 0.9.8 and related products; exact vulnerable lines are ...