A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.
References
Link | Resource |
---|---|
http://seclists.org/oss-sec/2017/q2/100 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/97963 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148857 | Third Party Advisory |
Configurations
Information
Published : 2018-08-22 14:29
Updated : 2019-10-09 16:26
NVD link : CVE-2017-2575
Mitre link : CVE-2017-2575
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
libbpg_project
- libbpg