CVE-2017-13135
Issue #385
resolved
A CVE was released for the embedded copy of x265 in libbpg. The corresponding bug report can be found at https://github.com/ebel34/bpg-web-encoder/issues/1.
From a first look at it, "bug 1" is also present in the current version of x265. At least in Analysis::create and FrameData::create the return value of create is not checked, so that might cause similar crashes.
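The unchecked-return pattern the report describes, next to a checked version, as an added C++ example that is not x265 code and not part of the original issue. PlaneBuffer, FrameState and the limit parameter (which simulates allocation failure) are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>

// Hypothetical stand-ins, not x265 classes: a buffer whose create() reports
// allocation failure through its return value, and an owner that nests two.
struct PlaneBuffer {
    uint8_t* data = nullptr;
    size_t   size = 0;

    bool create(size_t bytes, size_t limit) {
        // 'limit' simulates memory exhaustion so the failure path is testable.
        if (bytes == 0 || bytes > limit) return false;
        data = new (std::nothrow) uint8_t[bytes]();
        if (!data) return false;
        size = bytes;
        return true;
    }
    void destroy() { delete[] data; data = nullptr; size = 0; }
};

struct FrameState {
    PlaneBuffer luma, chroma;

    // Unchecked pattern: the nested results are dropped, so the caller is told
    // "success" while one of the plane pointers may still be null.
    bool createUnchecked(size_t lumaBytes, size_t chromaBytes, size_t limit) {
        luma.create(lumaBytes, limit);
        chroma.create(chromaBytes, limit);
        return true;
    }

    // Checked pattern: any nested failure releases what was already built and
    // is propagated, so no caller ever works on a half-initialized object.
    bool createChecked(size_t lumaBytes, size_t chromaBytes, size_t limit) {
        if (!luma.create(lumaBytes, limit) || !chroma.create(chromaBytes, limit)) {
            destroy();
            return false;
        }
        return true;
    }
    void destroy() { luma.destroy(); chroma.destroy(); }
};

int main() {
    FrameState f;
    // Constructed sizes: the luma request exceeds the simulated limit.
    return f.createChecked(4096, 2048, 3000) ? 1 : 0;
}
```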
Comments (5)
-
We have pushed a patch (changeset: 78c0f2c) on the stable branch of x265 to address this issue. Can you please check and let us know if this fixes it?
-
reporter Thank you. I don't have the samples crashing the code, but the fixes look good to me.
-
Account Deactivated - changed status to resolved
Changeset pushed to stable branch of x265 and merged with default branch
Thanks for the report. We will try to address this asap on the stable branch, given its security implications.