Vulnerability Note VU#123799
libbpg contains a type confusion vulnerability that leads to an out-of-bounds write
libbpg is a library for the BPG graphics format. libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution.
CWE-787: Out-of-bounds Write - CVE-2016-5637
According to the reporter, improper checking of transquant_bypass_enable_flag in the function restore_tqb_pixels in libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution.
By causing an application that uses libbpg to process a malformed image, a remote unauthenticated attacker may be able to write to memory, which may lead to denial of service or arbitrary code execution.
The CERT/CC is currently unaware of a practical solution to this problem. Users may consider the following workarounds:
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| libbpg | Affected | 03 Jun 2016 | 27 Jun 2016 |
CVSS Metrics
Thanks to Shi Ji (@Puzzor) for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-5637
- Date Public: 12 Jul 2016
- Date First Published: 12 Jul 2016
- Date Last Updated: 12 Jul 2016
- Document Revision: 11