CVE-2017-13666 in x265info

Summary

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

08/24/2017

Disclosure

08/24/2017

Moderation

VulDB entry created

Entries

1: VDB-105715

CPE

ready

CWE

CWE-191 (Confirmed)

CVSS

5.4

EPSS

0.00141

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-13666
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-13666
CVE Details	https://www.cvedetails.com/cve/CVE-2017-13666/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!