An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Name | Vendor | Start Version | End Version |
---|---|---|---|
X265 | Multicorewareinc | 0.1 (including) | 0.1 (including) |
X265 | Multicorewareinc | 0.2 (including) | 0.2 (including) |
X265 | Multicorewareinc | 0.3 (including) | 0.3 (including) |
X265 | Multicorewareinc | 0.4 (including) | 0.4 (including) |
X265 | Multicorewareinc | 0.4.1 (including) | 0.4.1 (including) |
X265 | Multicorewareinc | 0.5 (including) | 0.5 (including) |
X265 | Multicorewareinc | 0.6 (including) | 0.6 (including) |
X265 | Multicorewareinc | 0.7 (including) | 0.7 (including) |
X265 | Multicorewareinc | 0.8 (including) | 0.8 (including) |
X265 | Multicorewareinc | 0.9 (including) | 0.9 (including) |
X265 | Multicorewareinc | 1 (including) | 1 (including) |
X265 | Multicorewareinc | 1.1 (including) | 1.1 (including) |
X265 | Multicorewareinc | 1.2 (including) | 1.2 (including) |
X265 | Multicorewareinc | 1.3 (including) | 1.3 (including) |
X265 | Multicorewareinc | 1.4 (including) | 1.4 (including) |
X265 | Multicorewareinc | 1.5 (including) | 1.5 (including) |
X265 | Multicorewareinc | 1.6 (including) | 1.6 (including) |
X265 | Multicorewareinc | 1.7 (including) | 1.7 (including) |
X265 | Multicorewareinc | 1.8 (including) | 1.8 (including) |
X265 | Multicorewareinc | 1.9 (including) | 1.9 (including) |
X265 | Multicorewareinc | 2.0 (including) | 2.0 (including) |
X265 | Multicorewareinc | 2.1 (including) | 2.1 (including) |
X265 | Multicorewareinc | 2.2 (including) | 2.2 (including) |
X265 | Multicorewareinc | 2.3 (including) | 2.3 (including) |
X265 | Multicorewareinc | 2.4 (including) | 2.4 (including) |
X265 | Multicorewareinc | 2.5 (including) | 2.5 (including) |
X265 | Ubuntu | artful | * |
X265 | Ubuntu | upstream | * |
X265 | Ubuntu | xenial | * |
X265 | Ubuntu | zesty | * |