Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
{"prion": [{"lastseen": "2023-11-20T23:53:46", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2023-02-27T15:25:00", "id": "PRION:CVE-2022-43249", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-06T18:23:49", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43249", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43249", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-07T13:33:07", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via put_epel_hv_fallback<unsigned short> in\nfallback-motion.cc. This vulnerability allows attackers to cause a Denial\nof Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43249", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43249", "href": "https://ubuntu.com/security/CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2023-02-27T17:50:49", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43249", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43249"], "modified": "2023-02-27T17:50:46", "id": "OSV:CVE-2022-43249", "href": "https://osv.dev/vulnerability/CVE-2022-43249", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-24T23:20:01", "description": "\nMultiple issues were found in libde265, an open source implementation\nof the H.265 video codec, which may result in denial of or have unspecified other\nimpact.\n\n\n\n* [CVE-2020-21596](https://security-tracker.debian.org/tracker/CVE-2020-21596)\nlibde265 v1.0.4 contains a global buffer overflow in the\n decode\\_CABAC\\_bit function, which can be exploited via a crafted a\n file.\n* [CVE-2020-21597](https://security-tracker.debian.org/tracker/CVE-2020-21597)\nlibde265 v1.0.4 contains a heap buffer overflow in the mc\\_chroma\n function, which can be exploited via a crafted a file.\n* [CVE-2020-21598](https://security-tracker.debian.org/tracker/CVE-2020-21598)\nlibde265 v1.0.4 contains a heap buffer overflow in the\n ff\\_hevc\\_put\\_unweighted\\_pred\\_8\\_sse function, which can be exploited\n via a crafted a file.\n* [CVE-2022-43235](https://security-tracker.debian.org/tracker/CVE-2022-43235)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff\\_hevc\\_put\\_hevc\\_epel\\_pixels\\_8\\_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n* [CVE-2022-43236](https://security-tracker.debian.org/tracker/CVE-2022-43236)\nLibde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via put\\_qpel\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43237](https://security-tracker.debian.org/tracker/CVE-2022-43237)\nLibde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via void put\\_epel\\_hv\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43238](https://security-tracker.debian.org/tracker/CVE-2022-43238)\nLibde265 v1.0.8 was discovered to contain an unknown crash via\n ff\\_hevc\\_put\\_hevc\\_qpel\\_h\\_3\\_v\\_3\\_sse in sse-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43239](https://security-tracker.debian.org/tracker/CVE-2022-43239)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc\\_chroma in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43240](https://security-tracker.debian.org/tracker/CVE-2022-43240)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff\\_hevc\\_put\\_hevc\\_qpel\\_h\\_2\\_v\\_1\\_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n* [CVE-2022-43241](https://security-tracker.debian.org/tracker/CVE-2022-43241)\nLibde265 v1.0.8 was discovered to contain an unknown crash via\n ff\\_hevc\\_put\\_hevc\\_qpel\\_v\\_3\\_8\\_sse in sse-motion.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n* [CVE-2022-43242](https://security-tracker.debian.org/tracker/CVE-2022-43242)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc\\_luma in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43243](https://security-tracker.debian.org/tracker/CVE-2022-43243)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff\\_hevc\\_put\\_weighted\\_pred\\_avg\\_8\\_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n* [CVE-2022-43244](https://security-tracker.debian.org/tracker/CVE-2022-43244)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_qpel\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43245](https://security-tracker.debian.org/tracker/CVE-2022-43245)\nLibde265 v1.0.8 was discovered to contain a segmentation violation\n via apply\\_sao\\_internal in sao.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n* [CVE-2022-43248](https://security-tracker.debian.org/tracker/CVE-2022-43248)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_weighted\\_pred\\_avg\\_16\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43249](https://security-tracker.debian.org/tracker/CVE-2022-43249)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_epel\\_hv\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43250](https://security-tracker.debian.org/tracker/CVE-2022-43250)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_qpel\\_0\\_0\\_fallback\\_16 in fallback-motion.cc.\n This vulnerability allows attackers to cause a Denial of Service\n (DoS) via a crafted video file.\n* [CVE-2022-43252](https://security-tracker.debian.org/tracker/CVE-2022-43252)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_epel\\_16\\_fallback in fallback-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43253](https://security-tracker.debian.org/tracker/CVE-2022-43253)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_unweighted\\_pred\\_16\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-47655](https://security-tracker.debian.org/tracker/CVE-2022-47655)\nLibde265 1.0.9 is vulnerable to Buffer Overflow in function void\n put\\_qpel\\_fallback\n\n\nFor Debian 10 buster, these problems have been fixed in version\n1.0.3-1+deb10u2.\n\n\nWe recommend that you upgrade your libde265 packages.\n\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libde265>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-24T00:00:00", "type": "osv", "title": "libde265 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-01-24T23:19:57", "id": "OSV:DLA-3280-1", "href": "https://osv.dev/vulnerability/DLA-3280-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-11T01:52:53", "description": "\nMultiple security issues were discovered in libde265, an implementation of\nthe H.265 video codec which may result in denial of service and potentially\nthe execution of arbitrary code if a malformed media file is processed.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.0.11-0+deb11u1.\n\n\nWe recommend that you upgrade your libde265 packages.\n\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/libde265](https://security-tracker.debian.org/tracker/libde265)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-10T00:00:00", "type": "osv", "title": "libde265 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-02-11T01:52:49", "id": "OSV:DSA-5346-1", "href": "https://osv.dev/vulnerability/DSA-5346-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-06T16:41:30", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43249", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/o:debian:debian_linux:11.0", "cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43249", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2023-11-01T20:33:21", "description": "libde265.so is vulnerable to denial of service (DoS). A heap-based-buffer-overflow vulnerability is due the `put_epel_hv_fallback` function in `fallback-motion.cc`, which allows a remote attacker to cause denial of service conditions via a crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T07:16:55", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2023-02-27T17:55:08", "id": "VERACODE:37802", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37802/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-09-06T18:31:20", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3280 advisory.\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. (CVE-2020-21598)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-25T00:00:00", "type": "nessus", "title": "Debian DLA-3280-1 : libde265 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-09-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libde265-0", "p-cpe:/a:debian:debian_linux:libde265-dev", "p-cpe:/a:debian:debian_linux:libde265-examples", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3280.NASL", "href": "https://www.tenable.com/plugins/nessus/170563", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3280. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170563);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/06\");\n\n script_cve_id(\n \"CVE-2020-21596\",\n \"CVE-2020-21597\",\n \"CVE-2020-21598\",\n \"CVE-2022-43235\",\n \"CVE-2022-43236\",\n \"CVE-2022-43237\",\n \"CVE-2022-43238\",\n \"CVE-2022-43239\",\n \"CVE-2022-43240\",\n \"CVE-2022-43241\",\n \"CVE-2022-43242\",\n \"CVE-2022-43243\",\n \"CVE-2022-43244\",\n \"CVE-2022-43245\",\n \"CVE-2022-43248\",\n \"CVE-2022-43249\",\n \"CVE-2022-43250\",\n \"CVE-2022-43252\",\n \"CVE-2022-43253\",\n \"CVE-2022-47655\"\n );\n\n script_name(english:\"Debian DLA-3280-1 : libde265 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3280 advisory.\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited\n via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a\n crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which\n can be exploited via a crafted a file. (CVE-2020-21598)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned\n short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char>\n in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short>\n in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of\n Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>\n (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libde265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-47655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/libde265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libde265 packages.\n\nFor Debian 10 buster, these problems have been fixed in version 1.0.3-1+deb10u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-21598\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libde265-0', 'reference': '1.0.3-1+deb10u2'},\n {'release': '10.0', 'prefix': 'libde265-dev', 'reference': '1.0.3-1+deb10u2'},\n {'release': '10.0', 'prefix': 'libde265-examples', 'reference': '1.0.3-1+deb10u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libde265-0 / libde265-dev / libde265-examples');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-07T01:29:06", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 421c0af9-b206-11ed-9fe5-f4a47516fb57 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21606)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-21T00:00:00", "type": "nessus", "title": "FreeBSD : libde256 -- multiple vulnerabilities (421c0af9-b206-11ed-9fe5-f4a47516fb57)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2022-1253", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libde265", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_421C0AF9B20611ED9FE5F4A47516FB57.NASL", "href": "https://www.tenable.com/plugins/nessus/171744", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171744);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2020-21594\",\n \"CVE-2020-21595\",\n \"CVE-2020-21596\",\n \"CVE-2020-21597\",\n \"CVE-2020-21598\",\n \"CVE-2020-21599\",\n \"CVE-2020-21600\",\n \"CVE-2020-21601\",\n \"CVE-2020-21602\",\n \"CVE-2020-21603\",\n \"CVE-2020-21604\",\n \"CVE-2020-21605\",\n \"CVE-2020-21606\",\n \"CVE-2022-1253\",\n \"CVE-2022-43236\",\n \"CVE-2022-43237\",\n \"CVE-2022-43238\",\n \"CVE-2022-43239\",\n \"CVE-2022-43240\",\n \"CVE-2022-43241\",\n \"CVE-2022-43242\",\n \"CVE-2022-43243\",\n \"CVE-2022-43244\",\n \"CVE-2022-43245\",\n \"CVE-2022-43248\",\n \"CVE-2022-43249\",\n \"CVE-2022-43250\",\n \"CVE-2022-43252\",\n \"CVE-2022-43253\",\n \"CVE-2022-47655\"\n );\n\n script_name(english:\"FreeBSD : libde256 -- multiple vulnerabilities (421c0af9-b206-11ed-9fe5-f4a47516fb57)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 421c0af9-b206-11ed-9fe5-f4a47516fb57 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a\n crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited\n via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a\n crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which\n can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be\n exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which\n can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited\n via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can\n be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be\n exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be\n exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited\n via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21606)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix\n is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official\n release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned\n short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char>\n in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short>\n in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of\n Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>\n (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/strukturag/libde265/releases/tag/v1.0.10\");\n # https://vuxml.freebsd.org/freebsd/421c0af9-b206-11ed-9fe5-f4a47516fb57.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?944bc6d7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libde265\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'libde265<1.0.11'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-04T22:16:55", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5346 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21606)\n\n - An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.\n (CVE-2021-35452)\n\n - An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. (CVE-2021-36408)\n\n - There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. (CVE-2021-36409)\n\n - A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. (CVE-2021-36410)\n\n - An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. (CVE-2021-36411)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-5346-1 : libde265 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-09-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libde265-0", "p-cpe:/a:debian:debian_linux:libde265-dev", "p-cpe:/a:debian:debian_linux:libde265-examples", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5346.NASL", "href": "https://www.tenable.com/plugins/nessus/171376", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5346. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171376);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/04\");\n\n script_cve_id(\n \"CVE-2020-21594\",\n \"CVE-2020-21595\",\n \"CVE-2020-21596\",\n \"CVE-2020-21597\",\n \"CVE-2020-21598\",\n \"CVE-2020-21599\",\n \"CVE-2020-21600\",\n \"CVE-2020-21601\",\n \"CVE-2020-21602\",\n \"CVE-2020-21603\",\n \"CVE-2020-21604\",\n \"CVE-2020-21605\",\n \"CVE-2020-21606\",\n \"CVE-2021-35452\",\n \"CVE-2021-36408\",\n \"CVE-2021-36409\",\n \"CVE-2021-36410\",\n \"CVE-2021-36411\",\n \"CVE-2022-1253\",\n \"CVE-2022-43235\",\n \"CVE-2022-43236\",\n \"CVE-2022-43237\",\n \"CVE-2022-43238\",\n \"CVE-2022-43239\",\n \"CVE-2022-43240\",\n \"CVE-2022-43241\",\n \"CVE-2022-43242\",\n \"CVE-2022-43243\",\n \"CVE-2022-43244\",\n \"CVE-2022-43245\",\n \"CVE-2022-43248\",\n \"CVE-2022-43249\",\n \"CVE-2022-43250\",\n \"CVE-2022-43252\",\n \"CVE-2022-43253\",\n \"CVE-2022-47655\"\n );\n\n script_name(english:\"Debian DSA-5346-1 : libde265 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5346 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a\n crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited\n via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a\n crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which\n can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be\n exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which\n can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited\n via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can\n be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be\n exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be\n exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited\n via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21606)\n\n - An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.\n (CVE-2021-35452)\n\n - An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding\n file using dec265. (CVE-2021-36408)\n\n - There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when\n decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a\n crafted file or possibly have unspecified other impact. (CVE-2021-36409)\n\n - A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback\n when running program dec265. (CVE-2021-36410)\n\n - An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory\n access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a\n segmentation fault and application crash, which leads to remote denial of service. (CVE-2021-36411)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix\n is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official\n release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned\n short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char>\n in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short>\n in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of\n Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>\n (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libde265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2023/dsa-5346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-35452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-47655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/libde265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libde265 packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.0.11-0+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libde265-0', 'reference': '1.0.11-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libde265-dev', 'reference': '1.0.11-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libde265-examples', 'reference': '1.0.11-0+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libde265-0 / libde265-dev / libde265-examples');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-12-06T18:33:34", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3280-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Tobias Frost\nJanuary 24, 2023 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : libde265\nVersion : 1.0.3-1+deb10u2\nCVE ID : CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2022-43235 \n CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 \n CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 \n CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 \n CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655\nDebian Bug : 1025816 1027179 1029357 1029397\n\nMultiple issues were found in libde265, an open source implementation\nof the H.265 video codec, which may result in denial of service or have\nunspecified other impact.\n\n\nCVE-2020-21596\n\n libde265 v1.0.4 contains a global buffer overflow in the\n decode_CABAC_bit function, which can be exploited via a crafted a\n file.\n\nCVE-2020-21597\n\n libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma\n function, which can be exploited via a crafted a file.\n\nCVE-2020-21598\n\n libde265 v1.0.4 contains a heap buffer overflow in the\n ff_hevc_put_unweighted_pred_8_sse function, which can be exploited\n via a crafted a file.\n\nCVE-2022-43235\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n\nCVE-2022-43236\n\n Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via put_qpel_fallback<unsigned short> in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43237\n\n Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via void put_epel_hv_fallback<unsigned short> in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43238\n\n Libde265 v1.0.8 was discovered to contain an unknown crash via\n ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43239\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc_chroma<unsigned short> in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43240\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n\nCVE-2022-43241\n\n Libde265 v1.0.8 was discovered to contain an unknown crash via\n ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n\nCVE-2022-43242\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc_luma<unsigned char> in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43243\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n\nCVE-2022-43244\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_qpel_fallback<unsigned short> in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43245\n\n Libde265 v1.0.8 was discovered to contain a segmentation violation\n via apply_sao_internal<unsigned short> in sao.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n\nCVE-2022-43248\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_weighted_pred_avg_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43249\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_epel_hv_fallback<unsigned short> in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43250\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc.\n This vulnerability allows attackers to cause a Denial of Service\n (DoS) via a crafted video file.\n\nCVE-2022-43252\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_epel_16_fallback in fallback-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43253\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_unweighted_pred_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-47655\n\n Libde265 1.0.9 is vulnerable to Buffer Overflow in function void\n put_qpel_fallback<unsigned short>\n\nFor Debian 10 buster, these problems have been fixed in version\n1.0.3-1+deb10u2.\n\nWe recommend that you upgrade your libde265 packages.\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libde265\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-24T22:20:48", "type": "debian", "title": "[SECURITY] [DLA 3280-1] libde265 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-01-24T22:20:48", "id": "DEBIAN:DLA-3280-1:0307C", "href": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T12:07:35", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5346-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 10, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libde265\nCVE ID : CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 \n CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 \n CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 \n CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 \n CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 \n CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 \n CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 \n CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 \n CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655\nDebian Bug : 1004963 1014977 1014999 1025816 1027179 1029357 1029396 1029397\n\nMultiple security issues were discovered in libde265, an implementation of\nthe H.265 video codec which may result in denial of service and potentially\nthe execution of arbitrary code if a malformed media file is processed.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.0.11-0+deb11u1.\n\nWe recommend that you upgrade your libde265 packages.\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libde265\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-10T19:38:07", "type": "debian", "title": "[SECURITY] [DSA 5346-1] libde265 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-02-10T19:38:07", "id": "DEBIAN:DSA-5346-1:95B61", "href": "https://lists.debian.org/debian-security-announce/2023/msg00035.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-12-06T18:49:11", "description": "\n\nLibde265 developer reports:\n\nThis release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-27T00:00:00", "type": "freebsd", "title": "libde256 -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2022-1253", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-01-27T00:00:00", "id": "421C0AF9-B206-11ED-9FE5-F4A47516FB57", "href": "https://vuxml.freebsd.org/freebsd/421c0af9-b206-11ed-9fe5-f4a47516fb57.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-06T18:58:45", "description": "libde265 has been updated to version 1.0.11 to fix many security issues. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-19T01:16:28", "type": "mageia", "title": "Updated libde265 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655", "CVE-2022-47664", "CVE-2022-47665", "CVE-2023-24751", "CVE-2023-24752", "CVE-2023-24754", "CVE-2023-24755", "CVE-2023-24756", "CVE-2023-24757", "CVE-2023-24758", "CVE-2023-25221"], "modified": "2023-03-19T01:16:28", "id": "MGASA-2023-0093", "href": "https://advisories.mageia.org/MGASA-2023-0093.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2022-43249
