EUVD-2026-38079

🗓️ 19 Jun 2026 20:09:22Reported by EUVDType

libde265 pre-1.0.20 has out-of-bounds write in process_reference_picture_set from crafted bitstreams; fixed in 1.0.20.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-49295	19 Jun 202620:09	–	attackerkb
CVE	CVE-2026-49295	19 Jun 202620:09	–	cve
Cvelist	CVE-2026-49295 libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS	19 Jun 202620:09	–	cvelist
NVD	CVE-2026-49295	19 Jun 202621:17	–	nvd
Positive Technologies	PT-2026-51026	19 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "3548e6e7-96ac-38cc-b418-5fdba5e0c584",
        "vendor": {
          "name": "strukturag"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5b758b39-ad7b-3f58-9f81-28722edd1b56",
        "product": {
          "name": "libde265",
          "vendor": {
            "name": "strukturag"
          }
        },
        "product_version": "< 1.0.20"
      }
    ]
  }
]

Source	Link
github	www.github.com/strukturag/libde265/security/advisories/GHSA-g2rg-wj66-w594
github	www.github.com/strukturag/libde265/commit/691f3a3c55b3d32478c4a49895dee061a282652b

19 Jun 2026 20:12Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.1

EPSS0.00074