Jump to:

CVE-2017-8906

Jump to:

CVE-2017-8906

Package x265 updated to version 2.5-alt1 for branch sisyphus in task 190357.

Published: 2017-05-11
Modified: 2025-04-20

CVE-2017-8906

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common

Version: 2.1.2

Package x265 update in sisyphus on 2017-10-11

ALT-PU-2017-2415-1

Closed vulnerabilities

CVE-2017-8906