CVE-2016-8710 — Out-of-bounds Write in Libbpg

CWE-787 — Out-of-bounds Write5 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 38.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libbpg Libbpg Project Libbpg Debian Ffmpeg

Timeline

PublishedJan 26

Latest updateMay 13

Description

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5libbpg/libbpg0.9.4, 0.9.7+1

▶NVDlibbpg_project/libbpg0.9.4, 0.9.7+1

▶debiandebian/ffmpeg

Patches

Patch: www.talosintelligence.com ↗Patch: www.talosintelligence.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5fx-4j43-2wjg: An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library↗2022-05-13

▶

📋Vendor Advisories

Debian

CVE-2016-8710: ffmpeg - An exploitable heap write out of bounds vulnerability exists in the decoding of ...↗2016

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight - LibBPG Image Decoding Code Execution↗2017-01-23

▶

Talos

Vulnerability Spotlight - LibBPG Image Decoding Code Execution↗2017-01-23

▶