CVE-2017-13666CVE-2017-13666

Affected configuration(s):

cpe:/a:multicorewareinc:x265:0.1
cpe:/a:multicorewareinc:x265:0.2
cpe:/a:multicorewareinc:x265:0.3
cpe:/a:multicorewareinc:x265:0.4
cpe:/a:multicorewareinc:x265:0.4.1
cpe:/a:multicorewareinc:x265:0.5
cpe:/a:multicorewareinc:x265:0.6
cpe:/a:multicorewareinc:x265:0.7
cpe:/a:multicorewareinc:x265:0.8
cpe:/a:multicorewareinc:x265:0.9
cpe:/a:multicorewareinc:x265:1
cpe:/a:multicorewareinc:x265:1.1
cpe:/a:multicorewareinc:x265:1.2
cpe:/a:multicorewareinc:x265:1.3
cpe:/a:multicorewareinc:x265:1.4
cpe:/a:multicorewareinc:x265:1.5
cpe:/a:multicorewareinc:x265:1.6
cpe:/a:multicorewareinc:x265:1.7
cpe:/a:multicorewareinc:x265:1.8
cpe:/a:multicorewareinc:x265:1.9
cpe:/a:multicorewareinc:x265:2.0
cpe:/a:multicorewareinc:x265:2.1
cpe:/a:multicorewareinc:x265:2.2
cpe:/a:multicorewareinc:x265:2.3
cpe:/a:multicorewareinc:x265:2.4
cpe:/a:multicorewareinc:x265:2.5

Date published: 2017-08-24T02:29:00.240-04:00

Date last modified: 2017-09-07T14:30:32.357-04:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: https://bitbucket.org/multicoreware/x265/issues/364/integer-overflow-and-affect-top-level

Summary: An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.