Null Pointer Dereference in BPG Encoder of Libbpg by Libbpg
CVE-2017-2575

6.5MEDIUM

Key Information:

Vendor: Fabrice Bellard
Status: Libbpg
Vendor: CVE Published:; 22 August 2018

🔔 Create Fabrice Bellard Vulnerability Alert

What is CVE-2017-2575?

A vulnerability identified in libbpg version 0.9.7 allows a NULL pointer dereference, stemming from a failure to verify the return value of the malloc function in the BPG encoder. By exploiting this flaw, attackers can potentially manipulate the conversion of specially crafted JPEG files into BPG format, leading to application crashes or unforeseen behavior.

Affected Version(s)

libbpg 0.9.7

References

http://www.securityfocus.com/bid/97963

vdb-entryx_refsource_BID

http://seclists.org/oss-sec/2017/q2/100

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2018
Vulnerability Reserved
Dec 1, 2016

JSON