CVE-2017-13666 — Integer Underflow (Wrap or Wraparound) in X265

CWE-191 — Integer Underflow (Wrap or Wraparound)4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 65.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Multicorewareinc X265 Debian X265

Timeline

PublishedAug 24

Latest updateMay 17

Description

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmulticorewareinc/x26526 versions+25

▶debiandebian/x265

🔴Vulnerability Details

GHSA

GHSA-rvv7-6w95-x7c7: An integer underflow vulnerability exists in pixel-a↗2022-05-17

▶

OSV

CVE-2017-13666: An integer underflow vulnerability exists in pixel-a↗2017-08-24

▶

📋Vendor Advisories

Debian

CVE-2017-13666: x265 - An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code ...↗2017

▶