Lucene search
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6677-1.NASLHistoryMar 05, 2024 - 12:00 a.m.
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libde265 vulnerabilities (USN-6677-1)
2024-03-0500:00:00
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
ubuntu 16.04 lts
ubuntu 18.04 lts
ubuntu 20.04 lts
ubuntu 22.04 lts
ubuntu 23.10
libde265
vulnerabilities
segmentation violation
heap buffer overflow
buffer overflow
denial of service
arbitrary code execution
nessus scanner
usn-6677-1 advisory
cve-2023-27102
cve-2023-27103
cve-2023-43887
cve-2023-47471
cve-2023-49465
cve-2023-49467
cve-2023-49468
7.8 High
AI Score
Confidence
High
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6677-1 advisory.
-
Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. (CVE-2023-27102)
-
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. (CVE-2023-27103)
-
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. (CVE-2023-43887)
-
Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. (CVE-2023-47471)
-
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. (CVE-2023-49465)
-
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. (CVE-2023-49467)
-
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. (CVE-2023-49468)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6677-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(191560);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/06");
script_cve_id(
"CVE-2023-27102",
"CVE-2023-27103",
"CVE-2023-43887",
"CVE-2023-47471",
"CVE-2023-49465",
"CVE-2023-49467",
"CVE-2023-49468"
);
script_xref(name:"USN", value:"6677-1");
script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libde265 vulnerabilities (USN-6677-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-6677-1 advisory.
- Libde265 v1.0.11 was discovered to contain a segmentation violation via the function
decoder_context::process_slice_segment_header at decctx.cc. (CVE-2023-27102)
- Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function
derive_collocated_motion_vectors at motion.cc. (CVE-2023-27103)
- Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and
num_tile_row parameters in the function pic_parameter_set::dump. (CVE-2023-43887)
- Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of
service via the slice_segment_header function in the slice.cc component. (CVE-2023-47471)
- Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the
derive_spatial_luma_vector_prediction function at motion.cc. (CVE-2023-49465)
- Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the
derive_combined_bipredictive_merging_candidates function at motion.cc. (CVE-2023-49467)
- Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit
function at slice.cc. (CVE-2023-49468)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6677-1");
script_set_attribute(attribute:"solution", value:
"Update the affected libde265-0, libde265-dev and / or libde265-examples packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-49468");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/05");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:23.10");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libde265-0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libde265-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libde265-examples");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release || '23.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04 / 23.10', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'libde265-0', 'pkgver': '1.0.2-2ubuntu0.16.04.1~esm4'},
{'osver': '16.04', 'pkgname': 'libde265-dev', 'pkgver': '1.0.2-2ubuntu0.16.04.1~esm4'},
{'osver': '16.04', 'pkgname': 'libde265-examples', 'pkgver': '1.0.2-2ubuntu0.16.04.1~esm4'},
{'osver': '18.04', 'pkgname': 'libde265-0', 'pkgver': '1.0.2-2ubuntu0.18.04.1~esm4'},
{'osver': '18.04', 'pkgname': 'libde265-dev', 'pkgver': '1.0.2-2ubuntu0.18.04.1~esm4'},
{'osver': '18.04', 'pkgname': 'libde265-examples', 'pkgver': '1.0.2-2ubuntu0.18.04.1~esm4'},
{'osver': '20.04', 'pkgname': 'libde265-0', 'pkgver': '1.0.4-1ubuntu0.4'},
{'osver': '20.04', 'pkgname': 'libde265-dev', 'pkgver': '1.0.4-1ubuntu0.4'},
{'osver': '20.04', 'pkgname': 'libde265-examples', 'pkgver': '1.0.4-1ubuntu0.4'},
{'osver': '22.04', 'pkgname': 'libde265-0', 'pkgver': '1.0.8-1ubuntu0.3'},
{'osver': '22.04', 'pkgname': 'libde265-dev', 'pkgver': '1.0.8-1ubuntu0.3'},
{'osver': '22.04', 'pkgname': 'libde265-examples', 'pkgver': '1.0.8-1ubuntu0.3'},
{'osver': '23.10', 'pkgname': 'libde265-0', 'pkgver': '1.0.12-2ubuntu0.1'},
{'osver': '23.10', 'pkgname': 'libde265-dev', 'pkgver': '1.0.12-2ubuntu0.1'},
{'osver': '23.10', 'pkgname': 'libde265-examples', 'pkgver': '1.0.12-2ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libde265-0 / libde265-dev / libde265-examples');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
| canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
| canonical | ubuntu_linux | 20.04 | cpe:/o:canonical:ubuntu_linux:20.04:-:lts |
| canonical | ubuntu_linux | 22.04 | cpe:/o:canonical:ubuntu_linux:22.04:-:lts |
| canonical | ubuntu_linux | 23.10 | cpe:/o:canonical:ubuntu_linux:23.10 |
| canonical | ubuntu_linux | libde265-0 | p-cpe:/a:canonical:ubuntu_linux:libde265-0 |
| canonical | ubuntu_linux | libde265-dev | p-cpe:/a:canonical:ubuntu_linux:libde265-dev |
| canonical | ubuntu_linux | libde265-examples | p-cpe:/a:canonical:ubuntu_linux:libde265-examples |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49468
ubuntu.com/security/notices/USN-6677-1
Related
openvas
openvas
Ubuntu: Security Advisory (USN-6677-1)
2024-03-06 00:00:00
Debian: Security Advisory (DLA-3676-1)
2023-12-01 00:00:00
Debian: Security Advisory (DLA-3699-1)
2024-01-12 00:00:00
ubuntu
ubuntu
libde265 vulnerabilities
2024-03-05 00:00:00
cloudfoundry
cloudfoundry
USN-6677-1: libde265 vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
osv
osv
libde265 vulnerabilities
2024-03-05 18:39:19
libde265 - security update
2023-11-30 00:00:00
libde265 - security update
2023-12-30 00:00:00
debian
debian
[SECURITY] [DLA 3676-1] libde265 security update
2023-11-30 17:45:08
[SECURITY] [DLA 3699-1] libde265 security update
2023-12-30 18:31:10
nessus
nessus
Debian DLA-3676-1 : libde265 - LTS security update
2023-11-30 00:00:00
redos
redos
ROS-20240408-03
2024-04-08 00:00:00
ROS-20230412-01
2023-04-12 00:00:00
ROS-20240402-13
2024-04-02 00:00:00
prion
prion
Buffer overflow
2023-11-16 04:15:00
Heap overflow
2023-12-07 20:15:00
Buffer overflow
2023-12-07 20:15:00
debiancve
debiancve
veracode
veracode
Heap Buffer Overflow
2023-12-08 08:29:55
Heap Buffer Overflow
2023-12-08 07:46:41
Buffer Overflow
2023-11-23 08:02:08
alpinelinux
alpinelinux
ubuntucve
ubuntucve
cve
cve