exploitDog

GHSA-5fqw-fcpr-6qgf

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.

Ссылки

EPSS

Процентиль: 66%

0.00521

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-14795

CVSS3: 8.8

nvd

больше 8 лет назад

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.

EPSS

Процентиль: 66%

0.00521

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-125