製品・ソフトウェアに関する情報

JVN脆弱性詳細

MulticoreWare x265 における整数アンダーフローの脆弱性

Title	MulticoreWare x265 における整数アンダーフローの脆弱性
Summary	MulticoreWare x265 には、整数アンダーフローの脆弱性が存在します。本脆弱性は、CVE-2017-8906 とは異なる脆弱性です。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 23, 2017, midnight
Registration Date	Sept. 27, 2017, 4:19 p.m.
Last Update	Sept. 27, 2017, 4:19 p.m.

Affected System

MulticoreWare Inc.

x265 2.5 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-13666	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13666
National Vulnerability Database (NVD)
2	CVE-2017-13666	https://nvd.nist.gov/vuln/detail/CVE-2017-13666

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-191	https://cwe.mitre.org/data/definitions/191.html

ベンダー情報

No	Name	URL
BitBucket
1	Integer Overflow and affect top level software	https://bitbucket.org/multicoreware/x265/issues/364/integer-overflow-and-affect-top-level

Change Log

No	Changed Details	Date of change
0	[2017年09月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-13666

Summary	An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.
Publication Date	Aug. 24, 2017, 3:29 p.m.
Registration Date	Jan. 26, 2021, 1:15 p.m.
Last Update	Nov. 21, 2024, 12:11 p.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	https://bitbucket.org/multicoreware/x265/issues/364/integer-overflow-and-affect-top-level		Exploit Third Party Advisory
2	https://bitbucket.org/multicoreware/x265/issues/364/integer-overflow-and-affect-top-level		Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-191	整数アンダーフロー	https://cwe.mitre.org/data/definitions/191.html