CVE-2017-8906

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.
Wrap or Wraparound
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
multicorewareincx265_high_efficiency_video_coding
𝑥
≤ 2.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
x265
bullseye
3.4-2
fixed
bookworm
3.5-2
fixed
sid
3.6-3
fixed
trixie
3.6-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
x265
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
ignored
trusty
dne
Common Weakness Enumeration
References
https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common