ID CVE-2016-8710
Summary An exploitable out-of-bounds heap write vulnerability exists in the decoding of BPG images in the Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow, resulting in an out-of-bounds heap write leading to remote code execution. This vulnerability can be triggered by attempting to decode a crafted BPG image using Libbpg.
References
Vulnerable Configurations
  • cpe:2.3:a:libbpg_project:libbpg:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libbpg_project:libbpg:0.9.4:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 13-12-2022 - 21:53)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 95740
misc http://www.talosintelligence.com/reports/TALOS-2016-0223/
Last major update 13-12-2022 - 21:53
Published 26-01-2017 - 21:59
Last modified 13-12-2022 - 21:53