An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X265_high_efficiency_video_coding | Multicorewareinc | * | 2.4 (including) |
| X265 | Ubuntu | artful | * |
| X265 | Ubuntu | esm-apps/xenial | * |
| X265 | Ubuntu | upstream | * |
| X265 | Ubuntu | xenial | * |
| X265 | Ubuntu | yakkety | * |
| X265 | Ubuntu | zesty | * |