CVE-2016-8710

Опубликовано: 26 янв. 2017

Источник: nvd

CVSS3: 7.5

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.

Ссылки

http://www.securityfocus.com/bid/95740
Broken Link
Third Party Advisory
VDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0223/
Exploit
Patch
Technical Description
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/95740
Broken Link
Third Party Advisory
VDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0223/
Exploit
Patch
Technical Description
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libbpg_project:libbpg:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:libbpg_project:libbpg:0.9.7:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00416

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2016-8710

CVSS3: 7.8

debian

около 9 лет назад

An exploitable heap write out of bounds vulnerability exists in the de ...

GHSA-v5fx-4j43-2wjg

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 61%

0.00416

Низкий

7.5 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787