libbpg_project CVE Vulnerabilities & Metrics

Focus on libbpg_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About libbpg_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with libbpg_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total libbpg_project CVEs: 10
Earliest CVE date: 15 Jul 2016, 18:59 UTC
Latest CVE date: 22 Aug 2018, 21:29 UTC

Latest CVE reference: CVE-2017-2575

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical libbpg_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.55

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	10
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS libbpg_project CVEs

These are the five CVEs with the highest CVSS scores for libbpg_project, sorted by severity first and recency.

CVE-2018-12447 libbpg_project Published on 15 Jun 2018, 13:29 UTC (CVSS: 6.8)
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
CVE-2017-14034 libbpg_project Published on 16 Nov 2017, 04:29 UTC (CVSS: 6.8)
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
CVE-2017-13136 libbpg_project Published on 16 Nov 2017, 04:29 UTC (CVSS: 6.8)
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.
CVE-2017-13135 libbpg_project Published on 16 Nov 2017, 04:29 UTC (CVSS: 6.8)
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.
CVE-2017-14796 libbpg_project Published on 28 Sep 2017, 01:29 UTC (CVSS: 6.8)
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.

All CVEs for libbpg_project

CVE-2017-2575 libbpg_project vulnerability CVSS: 4.3 22 Aug 2018, 21:29 UTC

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG.

CVE-2018-12447 libbpg_project vulnerability CVSS: 6.8 15 Jun 2018, 13:29 UTC

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.

CVE-2017-14034 libbpg_project vulnerability CVSS: 6.8 16 Nov 2017, 04:29 UTC

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.

CVE-2017-13136 libbpg_project vulnerability CVSS: 6.8 16 Nov 2017, 04:29 UTC

The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.

CVE-2017-13135 libbpg_project vulnerability CVSS: 6.8 16 Nov 2017, 04:29 UTC

A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.

CVE-2017-14796 libbpg_project vulnerability CVSS: 6.8 28 Sep 2017, 01:29 UTC

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.

CVE-2017-14795 libbpg_project vulnerability CVSS: 6.8 28 Sep 2017, 01:29 UTC

The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.

CVE-2017-14734 libbpg_project vulnerability CVSS: 6.8 25 Sep 2017, 21:29 UTC

The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1.

CVE-2016-8710 libbpg_project vulnerability CVSS: 6.8 26 Jan 2017, 21:59 UTC

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.

CVE-2016-5637 libbpg_project vulnerability CVSS: 6.8 15 Jul 2016, 18:59 UTC

The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion" issue.