Description
A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference caused by a missing check of the return value of malloc in the BPG encoder. The vulnerability appeared while converting a malicious JPEG file to BPG.
References
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:libbpg_project:libbpg:0.9.7:*:*:*:*:*:*:*
EPSS
Percentile: 68%
0.00556
Low
CVSS3: 6.5 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-119
CWE-476
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference caused by a missing check of the return value of malloc in the BPG encoder. The vulnerability appeared while converting a malicious JPEG file to BPG.