libbpg is a library for the BPG graphics format. libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution.
CWE-787: Out-of-bounds Write - CVE-2016-5637
According to the reporter, improper checking of transquant_bypass_enable_flag in the function restore_tqb_pixels in libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution.
By causing an application that uses libbpg to process a malformed image, a remote unauthenticated attacker may be able to write to memory, which may lead to denial of service or arbitrary code execution.
The CERT/CC is currently unaware of a practical solution to this problem. Users may consider the following workarounds:
Thanks to Shi Ji (@Puzzor) for reporting this vulnerability.
This document was written by Garret Wassermann.
|Date First Published:|2016-07-12|
|Date Last Updated:|2016-07-12 17:11 UTC|