{"id":"CVE-2017-13666","details":"An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.","modified":"2026-03-14T09:21:59.346338Z","published":"2017-08-24T06:29:00.240Z","references":[{"type":"EVIDENCE","url":"https://bitbucket.org/multicoreware/x265/issues/364/integer-overflow-and-affect-top-level"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"0.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.9"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-13666.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}