CVE-2017-14796
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.
La función hevc_write_frame en libbpg.c en libbpg 0.9.7 permite que los atacantes remotos causen una denegación de servicio (subdesbordamiento de enteros y cierre inesperado de la aplicación) o posiblemente otro impacto no especificado mediante un archivo BPG manipulado relacionado con la interacción incorrecta con copy_CTB_to_hv en hevc_filter.c en libavcodec en FFmpeg y sao_filter_CTB en hevc_filter.c en libavcodec en FFmpeg.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-27 CVE Reserved
- 2017-09-27 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-11-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-191: Integer Underflow (Wrap or Wraparound)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libbpg Project Search vendor "Libbpg Project" | Libbpg Search vendor "Libbpg Project" for product "Libbpg" | 0.9.7 Search vendor "Libbpg Project" for product "Libbpg" and version "0.9.7" | - |
Affected
| ||||||