CVE-2017-14796

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-191
View all →

Vulnerability Description

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.

Related Vulnerabilities

CVE-2014-0497

HIGH
CVSS:8.8(High)

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arb...

CWE-1912014

CVE-2017-18170

HIGH
CVSS:8.8(High)

Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 4...

CWE-1912017

CVE-2018-14325

HIGH
CVSS:8.8(High)

In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.

CWE-1912018

CVE-2018-3999

HIGH
CVSS:8.8(High)

An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length ...

CWE-1912018

CVE-2019-5099

HIGH
CVSS:8.8(High)

An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code...

CWE-1912019

CVE-2019-5144

HIGH
CVSS:8.8(High)

An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which ca...

CWE-1912019