CVE-2016-8710

2017-01-2621:00:00

talos

www.cve.org

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.2%

JSON

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.

CNA Affected

[
  {
    "product": "Libbpg",
    "vendor": "Libbpg",
    "versions": [
      {
        "status": "affected",
        "version": "0.9.4"
      },
      {
        "status": "affected",
        "version": "0.9.7"
      }
    ]
  }
]