CVE-2017-13135 — NULL Pointer Dereference in X265

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 47.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian X265 Libbpg Project Libbpg

Timeline

PublishedNov 16

Latest updateMay 17

Description

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/x265< x265 2.6-3 (bookworm)

▶NVDlibbpg_project/libbpg0.9.7

🔴Vulnerability Details

GHSA

GHSA-c98w-gf53-9jwf: A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0↗2022-05-17

▶

OSV

CVE-2017-13135: A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0↗2017-11-16

▶

📋Vendor Advisories

Ubuntu

VideoLAN x265 vulnerability↗2021-03-15

▶

Debian

CVE-2017-13135: x265 - A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and ...↗2017

▶