DATABASE RESOURCES PRICING ABOUT US

{"id": "OSV:DSA-5346-1", "vendorId": null, "type": "osv", "bulletinFamily": "software", "title": "libde265 - security update", "description": "\nMultiple security issues were discovered in libde265, an implementation of\nthe H.265 video codec which may result in denial of service and potentially\nthe execution of arbitrary code if a malformed media file is processed.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.0.11-0+deb11u1.\n\n\nWe recommend that you upgrade your libde265 packages.\n\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/libde265](https://security-tracker.debian.org/tracker/libde265)\n\n\n", "published": "2023-02-10T00:00:00", "modified": "2023-02-11T01:52:49", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://osv.dev/vulnerability/DSA-5346-1", "reporter": "Google", "references": ["https://www.debian.org/security/2023/dsa-5346"], "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "immutableFields": [], "lastseen": "2023-02-11T01:52:53", "viewCount": 7, "enchantments": {"score": {"value": 3.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-21594", "ALPINE:CVE-2020-21595", "ALPINE:CVE-2020-21596", "ALPINE:CVE-2020-21597", "ALPINE:CVE-2020-21598", "ALPINE:CVE-2020-21599", "ALPINE:CVE-2020-21600", "ALPINE:CVE-2020-21601", "ALPINE:CVE-2020-21602", "ALPINE:CVE-2020-21603", "ALPINE:CVE-2020-21604", "ALPINE:CVE-2020-21605", "ALPINE:CVE-2020-21606", "ALPINE:CVE-2021-35452", "ALPINE:CVE-2021-36408", "ALPINE:CVE-2021-36409", "ALPINE:CVE-2021-36410", "ALPINE:CVE-2021-36411", "ALPINE:CVE-2022-1253", "ALPINE:CVE-2022-43235", "ALPINE:CVE-2022-43236", "ALPINE:CVE-2022-43237", "ALPINE:CVE-2022-43238", "ALPINE:CVE-2022-43239", "ALPINE:CVE-2022-43240", "ALPINE:CVE-2022-43241", "ALPINE:CVE-2022-43242", "ALPINE:CVE-2022-43243", "ALPINE:CVE-2022-43244", "ALPINE:CVE-2022-43245", "ALPINE:CVE-2022-43248", "ALPINE:CVE-2022-43249", "ALPINE:CVE-2022-43250", "ALPINE:CVE-2022-43252", "ALPINE:CVE-2022-43253", "ALPINE:CVE-2022-47655"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cnvd", "idList": ["CNVD-2021-78426", "CNVD-2021-78427", "CNVD-2021-78428", "CNVD-2021-78429", "CNVD-2021-78430", "CNVD-2021-78431", "CNVD-2021-78432", "CNVD-2021-78433", "CNVD-2021-78434", "CNVD-2021-79731", "CNVD-2021-79732", "CNVD-2021-79733", "CNVD-2021-79734", "CNVD-2022-19083", "CNVD-2022-19084", "CNVD-2022-19085", "CNVD-2022-19086", "CNVD-2022-19087"]}, {"type": "cve", "idList": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3240-1:DA04E", "DEBIAN:DLA-3280-1:0307C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-21594", "DEBIANCVE:CVE-2020-21595", "DEBIANCVE:CVE-2020-21596", "DEBIANCVE:CVE-2020-21597", "DEBIANCVE:CVE-2020-21598", "DEBIANCVE:CVE-2020-21599", "DEBIANCVE:CVE-2020-21600", "DEBIANCVE:CVE-2020-21601", "DEBIANCVE:CVE-2020-21602", "DEBIANCVE:CVE-2020-21603", "DEBIANCVE:CVE-2020-21604", "DEBIANCVE:CVE-2020-21605", "DEBIANCVE:CVE-2020-21606", "DEBIANCVE:CVE-2021-35452", "DEBIANCVE:CVE-2021-36408", "DEBIANCVE:CVE-2021-36409", "DEBIANCVE:CVE-2021-36410", "DEBIANCVE:CVE-2021-36411", "DEBIANCVE:CVE-2022-1253", "DEBIANCVE:CVE-2022-43235", "DEBIANCVE:CVE-2022-43236", "DEBIANCVE:CVE-2022-43237", "DEBIANCVE:CVE-2022-43238", "DEBIANCVE:CVE-2022-43239", "DEBIANCVE:CVE-2022-43240", "DEBIANCVE:CVE-2022-43241", "DEBIANCVE:CVE-2022-43242", "DEBIANCVE:CVE-2022-43243", "DEBIANCVE:CVE-2022-43244", "DEBIANCVE:CVE-2022-43245", "DEBIANCVE:CVE-2022-43248", "DEBIANCVE:CVE-2022-43249", "DEBIANCVE:CVE-2022-43250", "DEBIANCVE:CVE-2022-43252", "DEBIANCVE:CVE-2022-43253", "DEBIANCVE:CVE-2022-47655"]}, {"type": "huntr", "idList": ["1-OTHER-STRUKTURAG/LIBDE265"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-3240.NASL", "DEBIAN_DLA-3280.NASL"]}, {"type": "osv", "idList": ["OSV:CVE-2020-21594", "OSV:CVE-2020-21595", "OSV:CVE-2020-21596", "OSV:CVE-2020-21597", "OSV:CVE-2020-21598", "OSV:CVE-2020-21599", "OSV:CVE-2020-21600", "OSV:CVE-2020-21601", "OSV:CVE-2020-21602", "OSV:CVE-2020-21603", "OSV:CVE-2020-21604", "OSV:CVE-2020-21605", "OSV:CVE-2020-21606", "OSV:CVE-2021-35452", "OSV:CVE-2021-36408", "OSV:CVE-2021-36410", "OSV:CVE-2021-36411", "OSV:CVE-2022-43236", "OSV:CVE-2022-43237", "OSV:CVE-2022-43238", "OSV:CVE-2022-43239", "OSV:CVE-2022-43240", "OSV:CVE-2022-43241", "OSV:CVE-2022-43242", "OSV:CVE-2022-43243", "OSV:CVE-2022-43244", "OSV:CVE-2022-43245", "OSV:CVE-2022-43248", "OSV:CVE-2022-43249", "OSV:CVE-2022-43250", "OSV:CVE-2022-43252", "OSV:CVE-2022-43253", "OSV:CVE-2022-47655", "OSV:DLA-3240-1", "OSV:DLA-3280-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-21594", "UB:CVE-2020-21595", "UB:CVE-2020-21596", "UB:CVE-2020-21597", "UB:CVE-2020-21598", "UB:CVE-2020-21599", "UB:CVE-2020-21600", "UB:CVE-2020-21601", "UB:CVE-2020-21602", "UB:CVE-2020-21603", "UB:CVE-2020-21604", "UB:CVE-2020-21605", "UB:CVE-2020-21606", "UB:CVE-2021-35452", "UB:CVE-2021-36408", "UB:CVE-2021-36409", "UB:CVE-2021-36410", "UB:CVE-2021-36411", "UB:CVE-2022-1253", "UB:CVE-2022-43235", "UB:CVE-2022-43236", "UB:CVE-2022-43237", "UB:CVE-2022-43238", "UB:CVE-2022-43239", "UB:CVE-2022-43240", "UB:CVE-2022-43241", "UB:CVE-2022-43242", "UB:CVE-2022-43243", "UB:CVE-2022-43244", "UB:CVE-2022-43245", "UB:CVE-2022-43248", "UB:CVE-2022-43249", "UB:CVE-2022-43250", "UB:CVE-2022-43252", "UB:CVE-2022-43253", "UB:CVE-2022-47655"]}, {"type": "veracode", "idList": ["VERACODE:32137", "VERACODE:32138", "VERACODE:33597", "VERACODE:33598", "VERACODE:33604", "VERACODE:33605", "VERACODE:33606", "VERACODE:35002", "VERACODE:37778", "VERACODE:37781", "VERACODE:37787", "VERACODE:37791", "VERACODE:37792", "VERACODE:37793", "VERACODE:37794", "VERACODE:37795", "VERACODE:37796", "VERACODE:37797", "VERACODE:37799", "VERACODE:37800", "VERACODE:37801", "VERACODE:37802", "VERACODE:37803", "VERACODE:37805", "VERACODE:38857"]}]}, "epss": [{"cve": "CVE-2020-21594", "epss": "0.000940000", "percentile": "0.382460000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21595", "epss": "0.000780000", "percentile": "0.321040000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21596", "epss": "0.001050000", "percentile": "0.411720000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21597", "epss": "0.000770000", "percentile": "0.310660000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21598", "epss": "0.001340000", "percentile": "0.467680000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21599", "epss": "0.000970000", "percentile": "0.390140000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21600", "epss": "0.000890000", "percentile": "0.364110000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21601", "epss": "0.000780000", "percentile": "0.321040000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21602", "epss": "0.000890000", "percentile": "0.364110000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21603", "epss": "0.000780000", "percentile": "0.321040000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21604", "epss": "0.000780000", "percentile": "0.321040000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21605", "epss": "0.000780000", "percentile": "0.321040000", "modified": "2023-03-20"}, {"cve": "CVE-2020-21606", "epss": "0.000780000", "percentile": "0.321040000", "modified": "2023-03-20"}, {"cve": "CVE-2021-35452", "epss": "0.000880000", "percentile": "0.358820000", "modified": "2023-03-20"}, {"cve": "CVE-2021-36408", "epss": "0.000480000", "percentile": "0.145290000", "modified": "2023-03-20"}, {"cve": "CVE-2021-36409", "epss": "0.000560000", "percentile": "0.214700000", "modified": "2023-03-20"}, {"cve": "CVE-2021-36410", "epss": "0.000480000", "percentile": "0.145290000", "modified": "2023-03-20"}, {"cve": "CVE-2021-36411", "epss": "0.000890000", "percentile": "0.363240000", "modified": "2023-03-20"}, {"cve": "CVE-2022-1253", "epss": "0.000690000", "percentile": "0.281170000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43235", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43236", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43237", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43238", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43239", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43240", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43241", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43242", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43243", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43244", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43245", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43248", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43249", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43250", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43252", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-43253", "epss": "0.000470000", "percentile": "0.143840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-47655", "epss": "0.000500000", "percentile": "0.173380000", "modified": "2023-03-20"}], "vulnersScore": 3.0}, "_state": {"score": 1684017862, "dependencies": 1676080421, "affected_software_major_version": 1677394894, "epss": 1679356115}, "_internal": {"score_hash": "c7a0e6781260f83d8fef4764e705dfb9"}, "affectedSoftware": [{"version": "1.0.8-1", "operator": "eq", "name": "libde265"}, {"version": "1.0.8-1.1", "operator": "eq", "name": "libde265"}, {"version": "1.0.9-1", "operator": "eq", "name": "libde265"}, {"version": "1.0.9-1.1", "operator": "eq", "name": "libde265"}]}

{"nessus": [{"lastseen": "2023-05-17T16:41:27", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5346 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21606)\n\n - An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.\n (CVE-2021-35452)\n\n - An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. (CVE-2021-36408)\n\n - There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. (CVE-2021-36409)\n\n - A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. (CVE-2021-36410)\n\n - An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. (CVE-2021-36411)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-5346-1 : libde265 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-02-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libde265-0", "p-cpe:/a:debian:debian_linux:libde265-dev", "p-cpe:/a:debian:debian_linux:libde265-examples", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5346.NASL", "href": "https://www.tenable.com/plugins/nessus/171376", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5346. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171376);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/11\");\n\n script_cve_id(\n \"CVE-2020-21594\",\n \"CVE-2020-21595\",\n \"CVE-2020-21596\",\n \"CVE-2020-21597\",\n \"CVE-2020-21598\",\n \"CVE-2020-21599\",\n \"CVE-2020-21600\",\n \"CVE-2020-21601\",\n \"CVE-2020-21602\",\n \"CVE-2020-21603\",\n \"CVE-2020-21604\",\n \"CVE-2020-21605\",\n \"CVE-2020-21606\",\n \"CVE-2021-35452\",\n \"CVE-2021-36408\",\n \"CVE-2021-36409\",\n \"CVE-2021-36410\",\n \"CVE-2021-36411\",\n \"CVE-2022-1253\",\n \"CVE-2022-43235\",\n \"CVE-2022-43236\",\n \"CVE-2022-43237\",\n \"CVE-2022-43238\",\n \"CVE-2022-43239\",\n \"CVE-2022-43240\",\n \"CVE-2022-43241\",\n \"CVE-2022-43242\",\n \"CVE-2022-43243\",\n \"CVE-2022-43244\",\n \"CVE-2022-43245\",\n \"CVE-2022-43248\",\n \"CVE-2022-43249\",\n \"CVE-2022-43250\",\n \"CVE-2022-43252\",\n \"CVE-2022-43253\",\n \"CVE-2022-47655\"\n );\n\n script_name(english:\"Debian DSA-5346-1 : libde265 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5346 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a\n crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited\n via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a\n crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which\n can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be\n exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which\n can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited\n via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can\n be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be\n exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be\n exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited\n via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21606)\n\n - An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.\n (CVE-2021-35452)\n\n - An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding\n file using dec265. (CVE-2021-36408)\n\n - There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when\n decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a\n crafted file or possibly have unspecified other impact. (CVE-2021-36409)\n\n - A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback\n when running program dec265. (CVE-2021-36410)\n\n - An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory\n access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a\n segmentation fault and application crash, which leads to remote denial of service. (CVE-2021-36411)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix\n is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official\n release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned\n short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char>\n in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short>\n in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of\n Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>\n (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libde265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2023/dsa-5346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-35452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-1253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-47655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/libde265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libde265 packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.0.11-0+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libde265-0', 'reference': '1.0.11-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libde265-dev', 'reference': '1.0.11-0+deb11u1'},\n {'release': '11.0', 'prefix': 'libde265-examples', 'reference': '1.0.11-0+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libde265-0 / libde265-dev / libde265-examples');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:30", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 421c0af9-b206-11ed-9fe5-f4a47516fb57 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. (CVE-2020-21606)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-21T00:00:00", "type": "nessus", "title": "FreeBSD : libde256 -- multiple vulnabilities (421c0af9-b206-11ed-9fe5-f4a47516fb57)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2022-1253", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-02-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libde265", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_421C0AF9B20611ED9FE5F4A47516FB57.NASL", "href": "https://www.tenable.com/plugins/nessus/171744", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171744);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/21\");\n\n script_cve_id(\n \"CVE-2020-21594\",\n \"CVE-2020-21595\",\n \"CVE-2020-21596\",\n \"CVE-2020-21597\",\n \"CVE-2020-21598\",\n \"CVE-2020-21599\",\n \"CVE-2020-21600\",\n \"CVE-2020-21601\",\n \"CVE-2020-21602\",\n \"CVE-2020-21603\",\n \"CVE-2020-21604\",\n \"CVE-2020-21605\",\n \"CVE-2020-21606\",\n \"CVE-2022-1253\",\n \"CVE-2022-43236\",\n \"CVE-2022-43237\",\n \"CVE-2022-43238\",\n \"CVE-2022-43239\",\n \"CVE-2022-43240\",\n \"CVE-2022-43241\",\n \"CVE-2022-43242\",\n \"CVE-2022-43243\",\n \"CVE-2022-43244\",\n \"CVE-2022-43245\",\n \"CVE-2022-43248\",\n \"CVE-2022-43249\",\n \"CVE-2022-43250\",\n \"CVE-2022-43252\",\n \"CVE-2022-43253\",\n \"CVE-2022-47655\"\n );\n\n script_name(english:\"FreeBSD : libde256 -- multiple vulnabilities (421c0af9-b206-11ed-9fe5-f4a47516fb57)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 421c0af9-b206-11ed-9fe5-f4a47516fb57 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21594)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a\n crafted a file. (CVE-2020-21595)\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited\n via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a\n crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which\n can be exploited via a crafted a file. (CVE-2020-21598)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be\n exploited via a crafted a file. (CVE-2020-21599)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which\n can be exploited via a crafted a file. (CVE-2020-21600)\n\n - libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited\n via a crafted a file. (CVE-2020-21601)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can\n be exploited via a crafted a file. (CVE-2020-21602)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be\n exploited via a crafted a file. (CVE-2020-21603)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be\n exploited via a crafted a file. (CVE-2020-21604)\n\n - libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited\n via a crafted a file. (CVE-2020-21605)\n\n - libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be\n exploited via a crafted a file. (CVE-2020-21606)\n\n - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix\n is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official\n release. (CVE-2022-1253)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned\n short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char>\n in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short>\n in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of\n Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>\n (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/strukturag/libde265/releases/tag/v1.0.10\");\n # https://vuxml.freebsd.org/freebsd/421c0af9-b206-11ed-9fe5-f4a47516fb57.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?944bc6d7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libde265\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'libde265<1.0.11'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:41:49", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3280 advisory.\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file. (CVE-2020-21598)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse- motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-25T00:00:00", "type": "nessus", "title": "Debian DLA-3280-1 : libde265 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-01-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libde265-0", "p-cpe:/a:debian:debian_linux:libde265-dev", "p-cpe:/a:debian:debian_linux:libde265-examples", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3280.NASL", "href": "https://www.tenable.com/plugins/nessus/170563", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3280. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170563);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/25\");\n\n script_cve_id(\n \"CVE-2020-21596\",\n \"CVE-2020-21597\",\n \"CVE-2020-21598\",\n \"CVE-2022-43235\",\n \"CVE-2022-43236\",\n \"CVE-2022-43237\",\n \"CVE-2022-43238\",\n \"CVE-2022-43239\",\n \"CVE-2022-43240\",\n \"CVE-2022-43241\",\n \"CVE-2022-43242\",\n \"CVE-2022-43243\",\n \"CVE-2022-43244\",\n \"CVE-2022-43245\",\n \"CVE-2022-43248\",\n \"CVE-2022-43249\",\n \"CVE-2022-43250\",\n \"CVE-2022-43252\",\n \"CVE-2022-43253\",\n \"CVE-2022-47655\"\n );\n\n script_name(english:\"Debian DLA-3280-1 : libde265 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3280 advisory.\n\n - libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited\n via a crafted a file. (CVE-2020-21596)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a\n crafted a file. (CVE-2020-21597)\n\n - libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which\n can be exploited via a crafted a file. (CVE-2020-21598)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43235)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43236)\n\n - Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43237)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43238)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned\n short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43239)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file. (CVE-2022-43240)\n\n - Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-\n motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43241)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char>\n in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43242)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43243)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43244)\n\n - Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short>\n in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video\n file. (CVE-2022-43245)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43248)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43249)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of\n Service (DoS) via a crafted video file. (CVE-2022-43250)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted\n video file. (CVE-2022-43252)\n\n - Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via\n put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file. (CVE-2022-43253)\n\n - Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>\n (CVE-2022-47655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libde265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-43253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-47655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/libde265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libde265 packages.\n\nFor Debian 10 buster, these problems have been fixed in version 1.0.3-1+deb10u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-21598\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libde265-0', 'reference': '1.0.3-1+deb10u2'},\n {'release': '10.0', 'prefix': 'libde265-dev', 'reference': '1.0.3-1+deb10u2'},\n {'release': '10.0', 'prefix': 'libde265-examples', 'reference': '1.0.3-1+deb10u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libde265-0 / libde265-dev / libde265-examples');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:38:58", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3240 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file. (CVE-2020-21599)\n\n - An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.\n (CVE-2021-35452)\n\n - An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. (CVE-2021-36408)\n\n - There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. (CVE-2021-36409)\n\n - A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. (CVE-2021-36410)\n\n - An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. (CVE-2021-36411)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-16T00:00:00", "type": "nessus", "title": "Debian DLA-3240-1 : libde265 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-21599", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411"], "modified": "2022-12-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libde265-0", "p-cpe:/a:debian:debian_linux:libde265-dev", "p-cpe:/a:debian:debian_linux:libde265-examples", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3240.NASL", "href": "https://www.tenable.com/plugins/nessus/168855", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3240. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168855);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/16\");\n\n script_cve_id(\n \"CVE-2020-21599\",\n \"CVE-2021-35452\",\n \"CVE-2021-36408\",\n \"CVE-2021-36409\",\n \"CVE-2021-36410\",\n \"CVE-2021-36411\"\n );\n\n script_name(english:\"Debian DLA-3240-1 : libde265 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3240 advisory.\n\n - libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be\n exploited via a crafted a file. (CVE-2020-21599)\n\n - An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.\n (CVE-2021-35452)\n\n - An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding\n file using dec265. (CVE-2021-36408)\n\n - There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when\n decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a\n crafted file or possibly have unspecified other impact. (CVE-2021-36409)\n\n - A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback\n when running program dec265. (CVE-2021-36410)\n\n - An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory\n access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a\n segmentation fault and application crash, which leads to remote denial of service. (CVE-2021-36411)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libde265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-21599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-35452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/libde265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libde265 packages.\n\nFor Debian 10 buster, these problems have been fixed in version 1.0.3-1+deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36409\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libde265-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libde265-0', 'reference': '1.0.3-1+deb10u1'},\n {'release': '10.0', 'prefix': 'libde265-dev', 'reference': '1.0.3-1+deb10u1'},\n {'release': '10.0', 'prefix': 'libde265-examples', 'reference': '1.0.3-1+deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libde265-0 / libde265-dev / libde265-examples');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-06-07T14:32:19", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5346-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 10, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libde265\nCVE ID : CVE-2020-21594 CVE-2020-21595 CVE-2020-21596 CVE-2020-21597 \n CVE-2020-21598 CVE-2020-21599 CVE-2020-21600 CVE-2020-21601 \n CVE-2020-21602 CVE-2020-21603 CVE-2020-21604 CVE-2020-21605 \n CVE-2020-21606 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 \n CVE-2021-36410 CVE-2021-36411 CVE-2022-1253 CVE-2022-43235 \n CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 \n CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 \n CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 \n CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655\nDebian Bug : 1004963 1014977 1014999 1025816 1027179 1029357 1029396 1029397\n\nMultiple security issues were discovered in libde265, an implementation of\nthe H.265 video codec which may result in denial of service and potentially\nthe execution of arbitrary code if a malformed media file is processed.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.0.11-0+deb11u1.\n\nWe recommend that you upgrade your libde265 packages.\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libde265\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-10T19:38:07", "type": "debian", "title": "[SECURITY] [DSA 5346-1] libde265 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-02-10T19:38:07", "id": "DEBIAN:DSA-5346-1:95B61", "href": "https://lists.debian.org/debian-security-announce/2023/msg00035.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:05:53", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3280-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Tobias Frost\nJanuary 24, 2023 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : libde265\nVersion : 1.0.3-1+deb10u2\nCVE ID : CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2022-43235 \n CVE-2022-43236 CVE-2022-43237 CVE-2022-43238 CVE-2022-43239 \n CVE-2022-43240 CVE-2022-43241 CVE-2022-43242 CVE-2022-43243 \n CVE-2022-43244 CVE-2022-43245 CVE-2022-43248 CVE-2022-43249 \n CVE-2022-43250 CVE-2022-43252 CVE-2022-43253 CVE-2022-47655\nDebian Bug : 1025816 1027179 1029357 1029397\n\nMultiple issues were found in libde265, an open source implementation\nof the H.265 video codec, which may result in denial of service or have\nunspecified other impact.\n\n\nCVE-2020-21596\n\n libde265 v1.0.4 contains a global buffer overflow in the\n decode_CABAC_bit function, which can be exploited via a crafted a\n file.\n\nCVE-2020-21597\n\n libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma\n function, which can be exploited via a crafted a file.\n\nCVE-2020-21598\n\n libde265 v1.0.4 contains a heap buffer overflow in the\n ff_hevc_put_unweighted_pred_8_sse function, which can be exploited\n via a crafted a file.\n\nCVE-2022-43235\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n\nCVE-2022-43236\n\n Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via put_qpel_fallback&lt;unsigned short&gt; in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43237\n\n Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via void put_epel_hv_fallback&lt;unsigned short&gt; in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43238\n\n Libde265 v1.0.8 was discovered to contain an unknown crash via\n ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43239\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc_chroma&lt;unsigned short&gt; in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43240\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n\nCVE-2022-43241\n\n Libde265 v1.0.8 was discovered to contain an unknown crash via\n ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n\nCVE-2022-43242\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc_luma&lt;unsigned char&gt; in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43243\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n\nCVE-2022-43244\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_qpel_fallback&lt;unsigned short&gt; in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43245\n\n Libde265 v1.0.8 was discovered to contain a segmentation violation\n via apply_sao_internal&lt;unsigned short&gt; in sao.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n\nCVE-2022-43248\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_weighted_pred_avg_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43249\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_epel_hv_fallback&lt;unsigned short&gt; in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-43250\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc.\n This vulnerability allows attackers to cause a Denial of Service\n (DoS) via a crafted video file.\n\nCVE-2022-43252\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_epel_16_fallback in fallback-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n\nCVE-2022-43253\n\n Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put_unweighted_pred_16_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n\nCVE-2022-47655\n\n Libde265 1.0.9 is vulnerable to Buffer Overflow in function void\n put_qpel_fallback&lt;unsigned short&gt;\n\nFor Debian 10 buster, these problems have been fixed in version\n1.0.3-1+deb10u2.\n\nWe recommend that you upgrade your libde265 packages.\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libde265\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-24T22:20:48", "type": "debian", "title": "[SECURITY] [DLA 3280-1] libde265 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-01-24T22:20:48", "id": "DEBIAN:DLA-3280-1:0307C", "href": "https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T15:14:41", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3240-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Tobias Frost\nDecember 15, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : libde265\nVersion : 1.0.3-1+deb10u1\nCVE ID : CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409\n CVE-2021-36410 CVE-2021-36411\nDebian Bug : 1014977\n\nMultiple issues were found in libde265, an open source implementation of the\nh.265 video codec, which may result in denial of or have unspecified other\nimpact.\n\n\nCVE-2020-21599\n\n libde265 v1.0.4 contains a heap buffer overflow in the\n de265_image::available_zscan function, which can be exploited via a crafted\n a file.\n\nCVE-2021-35452\n\n An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to\n a SEGV in slice.cc.\n\nCVE-2021-36408\n\n libde265 v1.0.8 contains a Heap-use-after-free in intrapred.h when decoding\n file using dec265.\n\nCVE-2021-36409\n\n There is an Assertion `scaling_list_pred_matrix_id_delta==1&#x27; failed at\n sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to\n cause a Denial of Service (DoS) by running the application with a crafted\n file or possibly have unspecified other impact.\n\nCVE-2021-36410\n\n A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in\n function put_epel_hv_fallback when running program dec265.\n\nCVE-2021-36411\n\n An issue has been found in libde265 v1.0.8 due to incorrect access control.\n A SEGV caused by a READ memory access in function derive_boundaryStrength of\n deblock.cc has occurred. The vulnerability causes a segmentation fault and\n application crash, which leads to remote denial of service.\n\nFor Debian 10 buster, these problems have been fixed in version\n1.0.3-1+deb10u1.\n\nWe recommend that you upgrade your libde265 packages.\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libde265\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-12-15T18:13:59", "type": "debian", "title": "[SECURITY] [DLA 3240-1] libde265 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21599", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411"], "modified": "2022-12-15T18:13:59", "id": "DEBIAN:DLA-3240-1:DA04E", "href": "https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-07T16:29:31", "description": "\n\nLibde265 developer reports:\n\nThis release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-27T00:00:00", "type": "freebsd", "title": "libde256 -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2022-1253", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-01-27T00:00:00", "id": "421C0AF9-B206-11ED-9FE5-F4A47516FB57", "href": "https://vuxml.freebsd.org/freebsd/421c0af9-b206-11ed-9fe5-f4a47516fb57.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-01-24T23:20:01", "description": "\nMultiple issues were found in libde265, an open source implementation\nof the H.265 video codec, which may result in denial of or have unspecified other\nimpact.\n\n\n\n* [CVE-2020-21596](https://security-tracker.debian.org/tracker/CVE-2020-21596)\nlibde265 v1.0.4 contains a global buffer overflow in the\n decode\\_CABAC\\_bit function, which can be exploited via a crafted a\n file.\n* [CVE-2020-21597](https://security-tracker.debian.org/tracker/CVE-2020-21597)\nlibde265 v1.0.4 contains a heap buffer overflow in the mc\\_chroma\n function, which can be exploited via a crafted a file.\n* [CVE-2020-21598](https://security-tracker.debian.org/tracker/CVE-2020-21598)\nlibde265 v1.0.4 contains a heap buffer overflow in the\n ff\\_hevc\\_put\\_unweighted\\_pred\\_8\\_sse function, which can be exploited\n via a crafted a file.\n* [CVE-2022-43235](https://security-tracker.debian.org/tracker/CVE-2022-43235)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff\\_hevc\\_put\\_hevc\\_epel\\_pixels\\_8\\_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n* [CVE-2022-43236](https://security-tracker.debian.org/tracker/CVE-2022-43236)\nLibde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via put\\_qpel\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43237](https://security-tracker.debian.org/tracker/CVE-2022-43237)\nLibde265 v1.0.8 was discovered to contain a stack-buffer-overflow\n vulnerability via void put\\_epel\\_hv\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43238](https://security-tracker.debian.org/tracker/CVE-2022-43238)\nLibde265 v1.0.8 was discovered to contain an unknown crash via\n ff\\_hevc\\_put\\_hevc\\_qpel\\_h\\_3\\_v\\_3\\_sse in sse-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43239](https://security-tracker.debian.org/tracker/CVE-2022-43239)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc\\_chroma in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43240](https://security-tracker.debian.org/tracker/CVE-2022-43240)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff\\_hevc\\_put\\_hevc\\_qpel\\_h\\_2\\_v\\_1\\_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n* [CVE-2022-43241](https://security-tracker.debian.org/tracker/CVE-2022-43241)\nLibde265 v1.0.8 was discovered to contain an unknown crash via\n ff\\_hevc\\_put\\_hevc\\_qpel\\_v\\_3\\_8\\_sse in sse-motion.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n* [CVE-2022-43242](https://security-tracker.debian.org/tracker/CVE-2022-43242)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via mc\\_luma in motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43243](https://security-tracker.debian.org/tracker/CVE-2022-43243)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via ff\\_hevc\\_put\\_weighted\\_pred\\_avg\\_8\\_sse in\n sse-motion.cc. This vulnerability allows attackers to cause a Denial\n of Service (DoS) via a crafted video file.\n* [CVE-2022-43244](https://security-tracker.debian.org/tracker/CVE-2022-43244)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_qpel\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43245](https://security-tracker.debian.org/tracker/CVE-2022-43245)\nLibde265 v1.0.8 was discovered to contain a segmentation violation\n via apply\\_sao\\_internal in sao.cc. This vulnerability\n allows attackers to cause a Denial of Service (DoS) via a crafted\n video file.\n* [CVE-2022-43248](https://security-tracker.debian.org/tracker/CVE-2022-43248)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_weighted\\_pred\\_avg\\_16\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43249](https://security-tracker.debian.org/tracker/CVE-2022-43249)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_epel\\_hv\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-43250](https://security-tracker.debian.org/tracker/CVE-2022-43250)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_qpel\\_0\\_0\\_fallback\\_16 in fallback-motion.cc.\n This vulnerability allows attackers to cause a Denial of Service\n (DoS) via a crafted video file.\n* [CVE-2022-43252](https://security-tracker.debian.org/tracker/CVE-2022-43252)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_epel\\_16\\_fallback in fallback-motion.cc. This\n vulnerability allows attackers to cause a Denial of Service (DoS)\n via a crafted video file.\n* [CVE-2022-43253](https://security-tracker.debian.org/tracker/CVE-2022-43253)\nLibde265 v1.0.8 was discovered to contain a heap-buffer-overflow\n vulnerability via put\\_unweighted\\_pred\\_16\\_fallback in\n fallback-motion.cc. This vulnerability allows attackers to cause a\n Denial of Service (DoS) via a crafted video file.\n* [CVE-2022-47655](https://security-tracker.debian.org/tracker/CVE-2022-47655)\nLibde265 1.0.9 is vulnerable to Buffer Overflow in function void\n put\\_qpel\\_fallback\n\n\nFor Debian 10 buster, these problems have been fixed in version\n1.0.3-1+deb10u2.\n\n\nWe recommend that you upgrade your libde265 packages.\n\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libde265>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-24T00:00:00", "type": "osv", "title": "libde265 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655"], "modified": "2023-01-24T23:19:57", "id": "OSV:DLA-3280-1", "href": "https://osv.dev/vulnerability/DLA-3280-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-15T21:04:57", "description": "\nMultiple issues were found in libde265, an open source implementation of the\nh.265 video codec, which may result in denial of or have unspecified other\nimpact.\n\n\n\n* [CVE-2020-21599](https://security-tracker.debian.org/tracker/CVE-2020-21599)\nlibde265 v1.0.4 contains a heap buffer overflow in the\n de265\\_image::available\\_zscan function, which can be exploited via a crafted\n a file.\n* [CVE-2021-35452](https://security-tracker.debian.org/tracker/CVE-2021-35452)\nAn Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to\n a SEGV in slice.cc.\n* [CVE-2021-36408](https://security-tracker.debian.org/tracker/CVE-2021-36408)\nlibde265 v1.0.8 contains a Heap-use-after-free in intrapred.h when decoding\n file using dec265.\n* [CVE-2021-36409](https://security-tracker.debian.org/tracker/CVE-2021-36409)\nThere is an Assertion `scaling\\_list\\_pred\\_matrix\\_id\\_delta==1' failed at\n sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to\n cause a Denial of Service (DoS) by running the application with a crafted\n file or possibly have unspecified other impact.\n* [CVE-2021-36410](https://security-tracker.debian.org/tracker/CVE-2021-36410)\nA stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in\n function put\\_epel\\_hv\\_fallback when running program dec265.\n* [CVE-2021-36411](https://security-tracker.debian.org/tracker/CVE-2021-36411)\nAn issue has been found in libde265 v1.0.8 due to incorrect access control.\n A SEGV caused by a READ memory access in function derive\\_boundaryStrength of\n deblock.cc has occurred. The vulnerability causes a segmentation fault and\n application crash, which leads to remote denial of service.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n1.0.3-1+deb10u1.\n\n\nWe recommend that you upgrade your libde265 packages.\n\n\nFor the detailed security status of libde265 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libde265>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-12-15T00:00:00", "type": "osv", "title": "libde265 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21599", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411"], "modified": "2022-12-15T21:04:54", "id": "OSV:DLA-3240-1", "href": "https://osv.dev/vulnerability/DLA-3240-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-16T07:33:36", "description": "A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.", "cvss3": {}, "published": "2022-01-10T23:15:00", "type": "osv", "title": "CVE-2021-36410", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-36410"], "modified": "2023-02-16T07:33:33", "id": "OSV:CVE-2021-36410", "href": "https://osv.dev/vulnerability/CVE-2021-36410", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-16T07:33:36", "description": "An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.", "cvss3": {}, "published": "2022-01-10T23:15:00", "type": "osv", "title": "CVE-2021-36411", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-36411"], "modified": "2023-02-16T07:33:33", "id": "OSV:CVE-2021-36411", "href": "https://osv.dev/vulnerability/CVE-2021-36411", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:49", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43249", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43249"], "modified": "2023-02-27T17:50:46", "id": "OSV:CVE-2022-43249", "href": "https://osv.dev/vulnerability/CVE-2022-43249", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-11T16:16:58", "description": "Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>", "cvss3": {}, "published": "2023-01-05T16:15:00", "type": "osv", "title": "CVE-2022-47655", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-47655"], "modified": "2023-02-11T16:16:54", "id": "OSV:CVE-2022-47655", "href": "https://osv.dev/vulnerability/CVE-2022-47655", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:52", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43252", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43252"], "modified": "2023-02-27T17:50:51", "id": "OSV:CVE-2022-43252", "href": "https://osv.dev/vulnerability/CVE-2022-43252", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:53", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43250", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43250"], "modified": "2023-02-27T17:50:48", "id": "OSV:CVE-2022-43250", "href": "https://osv.dev/vulnerability/CVE-2022-43250", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:56", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43253", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43253"], "modified": "2023-02-27T17:50:53", "id": "OSV:CVE-2022-43253", "href": "https://osv.dev/vulnerability/CVE-2022-43253", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:43", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43241", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43241"], "modified": "2023-02-27T17:50:41", "id": "OSV:CVE-2022-43241", "href": "https://osv.dev/vulnerability/CVE-2022-43241", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-16T07:33:35", "description": "An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.", "cvss3": {}, "published": "2022-01-10T23:15:00", "type": "osv", "title": "CVE-2021-36408", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-36408"], "modified": "2023-02-16T07:33:32", "id": "OSV:CVE-2021-36408", "href": "https://osv.dev/vulnerability/CVE-2021-36408", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:48", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43243", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43243"], "modified": "2023-02-27T17:50:44", "id": "OSV:CVE-2022-43243", "href": "https://osv.dev/vulnerability/CVE-2022-43243", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-11T16:16:47", "description": "libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21601", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21601"], "modified": "2023-02-11T16:16:40", "id": "OSV:CVE-2020-21601", "href": "https://osv.dev/vulnerability/CVE-2020-21601", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:37", "description": "Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43245", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43245"], "modified": "2023-02-27T17:50:33", "id": "OSV:CVE-2022-43245", "href": "https://osv.dev/vulnerability/CVE-2022-43245", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:45", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43239", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43239"], "modified": "2023-02-27T17:50:37", "id": "OSV:CVE-2022-43239", "href": "https://osv.dev/vulnerability/CVE-2022-43239", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:51:16", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43244", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43244"], "modified": "2023-02-27T17:51:12", "id": "OSV:CVE-2022-43244", "href": "https://osv.dev/vulnerability/CVE-2022-43244", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:27", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43237", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43237"], "modified": "2023-02-27T17:50:22", "id": "OSV:CVE-2022-43237", "href": "https://osv.dev/vulnerability/CVE-2022-43237", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:43", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43240", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43240"], "modified": "2023-02-27T17:50:40", "id": "OSV:CVE-2022-43240", "href": "https://osv.dev/vulnerability/CVE-2022-43240", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T01:07:30", "description": "libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21596", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21596"], "modified": "2023-02-24T01:07:26", "id": "OSV:CVE-2020-21596", "href": "https://osv.dev/vulnerability/CVE-2020-21596", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T01:07:46", "description": "libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21598", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21598"], "modified": "2023-02-24T01:07:39", "id": "OSV:CVE-2020-21598", "href": "https://osv.dev/vulnerability/CVE-2020-21598", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:31", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43248", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43248"], "modified": "2023-02-27T17:50:28", "id": "OSV:CVE-2022-43248", "href": "https://osv.dev/vulnerability/CVE-2022-43248", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-11T16:16:46", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21600", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21600"], "modified": "2023-02-11T16:16:40", "id": "OSV:CVE-2020-21600", "href": "https://osv.dev/vulnerability/CVE-2020-21600", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-24T01:07:46", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21597", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21597"], "modified": "2023-02-24T01:07:38", "id": "OSV:CVE-2020-21597", "href": "https://osv.dev/vulnerability/CVE-2020-21597", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:38", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43238", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43238"], "modified": "2023-02-27T17:50:35", "id": "OSV:CVE-2022-43238", "href": "https://osv.dev/vulnerability/CVE-2022-43238", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:39", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43236", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43236"], "modified": "2023-02-27T17:50:30", "id": "OSV:CVE-2022-43236", "href": "https://osv.dev/vulnerability/CVE-2022-43236", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-27T17:50:49", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {}, "published": "2022-11-02T14:15:00", "type": "osv", "title": "CVE-2022-43242", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-43242"], "modified": "2023-02-27T17:50:43", "id": "OSV:CVE-2022-43242", "href": "https://osv.dev/vulnerability/CVE-2022-43242", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-11T16:16:46", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21602", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21602"], "modified": "2023-02-11T16:16:42", "id": "OSV:CVE-2020-21602", "href": "https://osv.dev/vulnerability/CVE-2020-21602", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-11T16:16:47", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21603", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21603"], "modified": "2023-02-11T16:16:42", "id": "OSV:CVE-2020-21603", "href": "https://osv.dev/vulnerability/CVE-2020-21603", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-11T16:16:51", "description": "libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21606", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21606"], "modified": "2023-02-11T16:16:47", "id": "OSV:CVE-2020-21606", "href": "https://osv.dev/vulnerability/CVE-2020-21606", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-11T16:18:22", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.", "cvss3": {}, "published": "2021-09-16T22:15:00", "type": "osv", "title": "CVE-2020-21595", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-21595"], "modified": "2023-02-11T16:18:15", "id": "OSV:CVE-2020-21595", "href": "https://osv.dev/vulnerability/CVE-2020-21595", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-06-08T18:30:15", "description": "libde265 has been updated to version 1.0.11 to fix many security issues. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-18T22:16:28", "type": "mageia", "title": "Updated libde265 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2021-35452", "CVE-2021-36408", "CVE-2021-36409", "CVE-2021-36410", "CVE-2021-36411", "CVE-2022-1253", "CVE-2022-43235", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655", "CVE-2022-47664", "CVE-2022-47665", "CVE-2023-24751", "CVE-2023-24752", "CVE-2023-24754", "CVE-2023-24755", "CVE-2023-24756", "CVE-2023-24757", "CVE-2023-24758", "CVE-2023-25221"], "modified": "2023-03-18T22:16:28", "id": "MGASA-2023-0093", "href": "https://advisories.mageia.org/MGASA-2023-0093.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:04:24", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to the `scaling_list_pred_matrix_id_delta==1` assertion failing in `sps.cc`, allowing an attacker to cause an application crash through the crafted file\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-12T03:17:45", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36409"], "modified": "2023-02-16T07:14:49", "id": "VERACODE:33597", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33597/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T06:29:17", "description": "libde265.so is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause a stack based buffer overflow via the vulnerable function `put_epel_hv_fallback` in `fallback-motion.cc` when running program `dec265`, resulting in denial of service conditions. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-12T07:06:52", "type": "veracode", "title": "Denial Of Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36410"], "modified": "2023-02-16T07:14:40", "id": "VERACODE:33605", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33605/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T06:29:18", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to incorrect access control, allowing an attacker to cause segmentation fault through the READ memory access in the `derive_boundaryStrength` function of `deblock.cc`, leading to an application crash \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-12T03:41:57", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36411"], "modified": "2023-02-16T07:14:49", "id": "VERACODE:33598", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33598/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:10", "description": "libde265.so is vulnerable to denial of service (DoS). A heap-based-buffer-overflow vulnerability is due the `put_epel_hv_fallback` function in `fallback-motion.cc`, which allows a remote attacker to cause denial of service conditions via a crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T07:16:55", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2023-02-27T17:55:08", "id": "VERACODE:37802", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37802/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:52:30", "description": "libde265.so is vulnerable to buffer overflows. A local attacker is able to cause a stack based buffer overflow via the `put_qpel_fallback` function in `fallback-motion.cc`.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-12T22:41:51", "type": "veracode", "title": "Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47655"], "modified": "2023-02-11T15:22:26", "id": "VERACODE:38857", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-38857/summary", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T19:56:02", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to heap-buffer-overflow in the `put_epel_16_fallback` function of `fallback-motion.cc`, allowing an attacker to crash the application through a maliciously crafted video file. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T02:35:50", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43252"], "modified": "2023-02-27T17:55:07", "id": "VERACODE:37778", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37778/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:11", "description": "libde265.so is vulnerable to denial of service (DoS) attacks. A heap-based-buffer-overflow vulnerability exists due the `put_qpel_0_0_fallback_16` function i `fallback-motion.cc`, which allows a remote attacker to cause denial of service via a crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:48:33", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43250"], "modified": "2023-02-27T17:55:07", "id": "VERACODE:37797", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37797/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:53:03", "description": "libde265.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a heap-buffer-overflow in the `put_unweighted_pred_16_fallback` function in `fallback-motion.cc`, which allows a remote attacker to crash the application via a malicious video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T07:45:12", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43253"], "modified": "2023-02-27T17:55:06", "id": "VERACODE:37805", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37805/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:16", "description": "libde265.so is vulnerable to denial of service (DoS). The vulnerability is due to the `ff_hevc_put_hevc_qpel_v_3_8_sse` function in `sse-motion.cc`, causing a crash via a crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:10:25", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43241"], "modified": "2023-02-27T17:55:17", "id": "VERACODE:37793", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37793/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:53:07", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow in `ff_hevc_put_hevc_epel_pixels_8_sse` function of `sse-motion.cc` which allows an attacker to cause an application crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:49:46", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43235"], "modified": "2023-02-27T17:55:12", "id": "VERACODE:37799", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37799/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-18T06:29:17", "description": "libde265.so is vulnerable to use-after-free. The vulnerability is possible because of a flaw in the server code of the file `intrapred.h` when decoding the file using dec265., leading to heap use-after-free.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-12T06:36:30", "type": "veracode", "title": "Use-After-Free", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36408"], "modified": "2023-02-16T07:14:29", "id": "VERACODE:33604", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33604/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:11", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to heap-buffer-overflow in the `ff_hevc_put_weighted_pred_avg_8_sse` function in `sse-motion.cc`, which allows a remote attacker to crash the application via a malicious video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T07:14:20", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43243"], "modified": "2023-02-27T17:55:16", "id": "VERACODE:37801", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37801/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T20:01:07", "description": "libde265 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the stack buffer overflow in the `put_qpel_fallback` function, allowing an attacker to cause an application crash through the maliciously crafted file \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-02-11T17:54:34", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21601"], "modified": "2023-02-18T23:23:58", "id": "VERACODE:39217", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39217/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:09", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to a segmentation violation in the `apply_sao_internal` function of `sao.cc` which allows a remote attacker to crash the application via a malicious video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T07:32:54", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43245"], "modified": "2023-02-27T17:55:08", "id": "VERACODE:37803", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37803/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:53:05", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow in the `mc_chroma` function of `motion.cc` which allows an attacker to cause an application crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:55:20", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43239"], "modified": "2023-02-27T17:55:13", "id": "VERACODE:37800", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37800/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:12", "description": "libde265.so is vulnerable to denial of service (DoS). A heap-based-buffer-overflow vulnerability exists due to the `put_qpel_fallback` function in `fallback-motion.cc` which allows a remote attacker to cause denial of service via a crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:29:29", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43244"], "modified": "2023-02-27T17:55:12", "id": "VERACODE:37794", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37794/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:53:05", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer overflow in `ff_hevc_put_hevc_qpel_h_2_v_1_sse` function of `sse-motion.cc` which allows an attacker to cause an application crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:32:02", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43240"], "modified": "2023-02-27T17:55:16", "id": "VERACODE:37795", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37795/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:56:02", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to stack-buffer overflow in the `put_epel_hv_fallback` function in `fallback-motion.cc`, allowing an attacker to crash the application through a maliciously crafted video file. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T05:20:00", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43237"], "modified": "2023-02-27T17:55:14", "id": "VERACODE:37787", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37787/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T19:50:33", "description": "libde265 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the heap buffer overflow in the `ff_hevc_put_unweighted_pred_8_sse` function, allowing an attacker to cause an application crash through the maliciously crafted file \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-02-12T09:25:30", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21598"], "modified": "2023-02-13T05:08:48", "id": "VERACODE:39232", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39232/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T20:07:11", "description": "libde265.so is vulnerable to denial of service (DoS). A heap-based-buffer-overflow vulnerability exists due to the function `put_weighted_pred_avg_16_fallback` in `fallback-motion.cc`, which allows a remote attacker to cause denial of service via a crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:47:40", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43248"], "modified": "2023-02-27T17:55:10", "id": "VERACODE:37796", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37796/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-09-13T01:01:19", "description": "libde265.so is vulnerable to denial of service. An attacker is able to send malicious input to the `put_weighted_pred_avg_16_fallback` function to cause a heap buffer overflow.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T04:33:36", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21600"], "modified": "2022-09-08T22:36:26", "id": "VERACODE:32138", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32138/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:12", "description": "libde265.so is vulnerable to denial of service (DoS) attacks. A malicious user is able cause an application crash via a crafted video file through the `ff_hevc_put_hevc_qpel_h_3_v_3_sse` function in `sse-motion.cc`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T06:00:00", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43238"], "modified": "2023-02-27T17:55:11", "id": "VERACODE:37792", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37792/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:56:01", "description": "libde265.so is vulnerable to denial of service. The vulnerability exists due to a stack-buffer overflow in the `put_qpel_fallback` function of `fallback-motion.cc`, allowing an attacker to crash the application through a maliciously crafted video file. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T04:10:53", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43236"], "modified": "2023-02-27T17:55:22", "id": "VERACODE:37781", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37781/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T20:07:12", "description": "libde265.so is vulnerable to denial of service (DoS) attacks. A heap-based-buffer-overflow vulnerability exists due to the `mc_luma` function in `motion.cc`, which allows a remote attacker to cause denial of service via crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-03T05:43:05", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43242"], "modified": "2023-02-27T17:55:09", "id": "VERACODE:37791", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37791/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-09-13T01:01:26", "description": "libde265.so is vulnerable to denial of service. An attacker is able to send malicious input to the `put_weighted_bipred_16_fallback` function to cause a heap buffer overflow.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T04:12:39", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21602"], "modified": "2022-09-08T22:36:25", "id": "VERACODE:32137", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32137/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T20:01:07", "description": "libde265 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the heap buffer overflow in the ` put_qpel_0_0_fallback_16` function, allowing an attacker to cause an application crash through the maliciously crafted file \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-02-11T17:54:47", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21603"], "modified": "2023-02-13T05:25:05", "id": "VERACODE:39218", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39218/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T20:01:08", "description": "libde265 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the heap buffer overflow in the `mc_luma` function, allowing an attacker to cause an application crash through the maliciously crafted file \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-02-12T09:25:18", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21595"], "modified": "2023-02-13T05:09:21", "id": "VERACODE:39231", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39231/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-05-24T13:23:26", "description": "There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at\nsps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to\ncause a Denial of Service (DoS) by running the application with a crafted\nfile or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-36409", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36409"], "modified": "2022-01-10T00:00:00", "id": "UB:CVE-2021-36409", "href": "https://ubuntu.com/security/CVE-2021-36409", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T13:23:26", "description": "A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in\nfunction put_epel_hv_fallback when running program dec265.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | out-of-bounds read issue\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-36410", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36410"], "modified": "2022-01-10T00:00:00", "id": "UB:CVE-2021-36410", "href": "https://ubuntu.com/security/CVE-2021-36410", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T13:23:27", "description": "An issue has been found in libde265 v1.0.8 due to incorrect access control.\nA SEGV caused by a READ memory access in function derive_boundaryStrength\nof deblock.cc has occurred. The vulnerability causes a segmentation fault\nand application crash, which leads to remote denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-36411", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36411"], "modified": "2022-01-10T00:00:00", "id": "UB:CVE-2021-36411", "href": "https://ubuntu.com/security/CVE-2021-36411", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:13:56", "description": "Libde265 1.0.9 is vulnerable to Buffer Overflow in function void\nput_qpel_fallback<unsigned short>", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-05T00:00:00", "type": "ubuntucve", "title": "CVE-2022-47655", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47655"], "modified": "2023-01-05T00:00:00", "id": "UB:CVE-2022-47655", "href": "https://ubuntu.com/security/CVE-2022-47655", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T13:15:42", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via put_epel_hv_fallback<unsigned short> in\nfallback-motion.cc. This vulnerability allows attackers to cause a Denial\nof Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43249", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43249", "href": "https://ubuntu.com/security/CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:42", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via put_epel_16_fallback in fallback-motion.cc. This\nvulnerability allows attackers to cause a Denial of Service (DoS) via a\ncrafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43252", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43252"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43252", "href": "https://ubuntu.com/security/CVE-2022-43252", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:42", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This\nvulnerability allows attackers to cause a Denial of Service (DoS) via a\ncrafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43250", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43250"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43250", "href": "https://ubuntu.com/security/CVE-2022-43250", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:42", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc.\nThis vulnerability allows attackers to cause a Denial of Service (DoS) via\na crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43253", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43253"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43253", "href": "https://ubuntu.com/security/CVE-2022-43253", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:44", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via\nff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows\nattackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43241", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43241"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43241", "href": "https://ubuntu.com/security/CVE-2022-43241", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:45", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This\nvulnerability allows attackers to cause a Denial of Service (DoS) via a\ncrafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43235", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43235"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43235", "href": "https://ubuntu.com/security/CVE-2022-43235", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-05T13:25:38", "description": "An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free\nin intrapred.h when decoding file using dec265.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-36408", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36408"], "modified": "2022-01-10T00:00:00", "id": "UB:CVE-2021-36408", "href": "https://ubuntu.com/security/CVE-2021-36408", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:44", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc.\nThis vulnerability allows attackers to cause a Denial of Service (DoS) via\na crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43243", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43243"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43243", "href": "https://ubuntu.com/security/CVE-2022-43243", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-08T13:58:12", "description": "libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback\nfunction, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21601", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21601"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21601", "href": "https://ubuntu.com/security/CVE-2020-21601", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:44", "description": "Libde265 v1.0.8 was discovered to contain a segmentation violation via\napply_sao_internal<unsigned short> in sao.cc. This vulnerability allows\nattackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43245", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43245"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43245", "href": "https://ubuntu.com/security/CVE-2022-43245", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:44", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc.\nThis vulnerability allows attackers to cause a Denial of Service (DoS) via\na crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43244", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43244"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43244", "href": "https://ubuntu.com/security/CVE-2022-43244", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:45", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via mc_chroma<unsigned short> in motion.cc. This\nvulnerability allows attackers to cause a Denial of Service (DoS) via a\ncrafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43239", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43239"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43239", "href": "https://ubuntu.com/security/CVE-2022-43239", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:45", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This\nvulnerability allows attackers to cause a Denial of Service (DoS) via a\ncrafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43240", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43240"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43240", "href": "https://ubuntu.com/security/CVE-2022-43240", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:45", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow\nvulnerability via void put_epel_hv_fallback<unsigned short> in\nfallback-motion.cc. This vulnerability allows attackers to cause a Denial\nof Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43237", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43237"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43237", "href": "https://ubuntu.com/security/CVE-2022-43237", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T13:29:33", "description": "libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit\nfunction, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21596", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21596", "href": "https://ubuntu.com/security/CVE-2020-21596", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T13:29:34", "description": "libde265 v1.0.4 contains a heap buffer overflow in the\nff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a\ncrafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21598", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21598"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21598", "href": "https://ubuntu.com/security/CVE-2020-21598", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T13:15:44", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc.\nThis vulnerability allows attackers to cause a Denial of Service (DoS) via\na crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43248", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43248"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43248", "href": "https://ubuntu.com/security/CVE-2022-43248", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-08T13:58:12", "description": "libde265 v1.0.4 contains a heap buffer overflow in the\nput_weighted_pred_avg_16_fallback function, which can be exploited via a\ncrafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21600", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21600"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21600", "href": "https://ubuntu.com/security/CVE-2020-21600", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T13:29:32", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function,\nwhich can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21597", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21597"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21597", "href": "https://ubuntu.com/security/CVE-2020-21597", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:46", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via\nff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability\nallows attackers to cause a Denial of Service (DoS) via a crafted video\nfile.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43238", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43238"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43238", "href": "https://ubuntu.com/security/CVE-2022-43238", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:44", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow\nvulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability\nallows attackers to cause a Denial of Service (DoS) via a crafted video\nfile.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43242", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43242"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43242", "href": "https://ubuntu.com/security/CVE-2022-43242", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:15:45", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow\nvulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc.\nThis vulnerability allows attackers to cause a Denial of Service (DoS) via\na crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2022-43236", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43236"], "modified": "2022-11-02T00:00:00", "id": "UB:CVE-2022-43236", "href": "https://ubuntu.com/security/CVE-2022-43236", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-08T13:58:11", "description": "libde265 v1.0.4 contains a heap buffer overflow in the\nput_weighted_bipred_16_fallback function, which can be exploited via a\ncrafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21602", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21602"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21602", "href": "https://ubuntu.com/security/CVE-2020-21602", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-08T13:58:10", "description": "libde265 v1.0.4 contains a heap buffer overflow in the\nput_qpel_0_0_fallback_16 function, which can be exploited via a crafted a\nfile.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21603", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21603"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21603", "href": "https://ubuntu.com/security/CVE-2020-21603", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-07T13:42:03", "description": "libde265 v1.0.4 contains a heap buffer overflow fault in the\nput_epel_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21606", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21606"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21606", "href": "https://ubuntu.com/security/CVE-2020-21606", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T13:29:33", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function,\nwhich can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T00:00:00", "type": "ubuntucve", "title": "CVE-2020-21595", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21595"], "modified": "2021-09-16T00:00:00", "id": "UB:CVE-2020-21595", "href": "https://ubuntu.com/security/CVE-2020-21595", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cnvd": [{"lastseen": "2022-08-27T04:52:33", "description": "Libde265 is a German h.265 video codec. libde265 suffers from a security vulnerability that could be exploited by an attacker to cause a denial of service (DoS) by running a crafted file or application with unspecified other impact.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-13T00:00:00", "type": "cnvd", "title": "libde265 has an unspecified vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36409"], "modified": "2022-03-14T00:00:00", "id": "CNVD-2022-19085", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-19085", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-04T13:24:44", "description": "Libde265 is a German h.265 video codec. libde265 suffers from a buffer overflow vulnerability that stems from Cc functionally backing off epel hv when running the program dec265. No detailed vulnerability details are currently available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-13T00:00:00", "type": "cnvd", "title": "libde265 buffer overflow vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36410"], "modified": "2022-03-14T00:00:00", "id": "CNVD-2022-19086", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-19086", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-27T04:52:28", "description": "Libde265 is a German h.265 video codec. libde265 is vulnerable to an access control error, which can be exploited by attackers to cause segmentation errors and application crashes, resulting in a remote denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-13T00:00:00", "type": "cnvd", "title": "libde265 Access Control Error Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36411"], "modified": "2022-03-14T00:00:00", "id": "CNVD-2022-19087", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-19087", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-08T06:26:23", "description": "Libde265 is a German h.265 video codec. libde265 suffers from a resource management error vulnerability that stems from a Heap-use-after-free in intrapred.h when decoding files using dec265. No detailed vulnerability details are available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-13T00:00:00", "type": "cnvd", "title": "libde265 resource management error vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36408"], "modified": "2022-03-14T00:00:00", "id": "CNVD-2022-19084", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-19084", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:22:00", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a stack buffer overflow vulnerability in the put_qpel_fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Stack Buffer Overflow Vulnerability (CNVD-2021-78433)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21601"], "modified": "2021-10-19T00:00:00", "id": "CNVD-2021-78433", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-78433", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:25:19", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a global buffer overflow vulnerability in the decode_CABAC_bit function. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Global Buffer Overflow Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596"], "modified": "2021-10-19T00:00:00", "id": "CNVD-2021-78428", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-78428", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:21:53", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the ff_hevc_put_unweighted_pred_8_sse function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78430)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21598"], "modified": "2021-10-19T00:00:00", "id": "CNVD-2021-78430", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-78430", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T09:21:50", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the put_weighted_pred_avg_16_fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78432)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21600"], "modified": "2021-10-19T00:00:00", "id": "CNVD-2021-78432", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-78432", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:21:52", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the mc_chroma function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78429)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21597"], "modified": "2021-10-19T00:00:00", "id": "CNVD-2021-78429", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-78429", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:21:48", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 has a heap buffer overflow vulnerability in the put_weighted_bipred_16_fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78434)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21602"], "modified": "2021-10-19T00:00:00", "id": "CNVD-2021-78434", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-78434", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:25:19", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the put_qpel_0_0_fallback_16 function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-79732)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21603"], "modified": "2021-10-25T00:00:00", "id": "CNVD-2021-79732", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-79732", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:25:09", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the put_epel_16_fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Heap Buffer Overflow Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21606"], "modified": "2021-10-25T00:00:00", "id": "CNVD-2021-79734", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-79734", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T09:16:11", "description": "libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the mc_luma function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-17T00:00:00", "type": "cnvd", "title": "libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78427)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21595"], "modified": "2021-10-25T00:00:00", "id": "CNVD-2021-78427", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-78427", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-05-24T10:10:13", "description": "There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-10T23:15:00", "type": "debiancve", "title": "CVE-2021-36409", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36409"], "modified": "2022-01-10T23:15:00", "id": "DEBIANCVE:CVE-2021-36409", "href": "https://security-tracker.debian.org/tracker/CVE-2021-36409", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T10:10:13", "description": "A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T23:15:00", "type": "debiancve", "title": "CVE-2021-36410", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36410"], "modified": "2022-01-10T23:15:00", "id": "DEBIANCVE:CVE-2021-36410", "href": "https://security-tracker.debian.org/tracker/CVE-2021-36410", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T10:10:13", "description": "An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T23:15:00", "type": "debiancve", "title": "CVE-2021-36411", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36411"], "modified": "2022-01-10T23:15:00", "id": "DEBIANCVE:CVE-2021-36411", "href": "https://security-tracker.debian.org/tracker/CVE-2021-36411", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43249", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43249", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-05T16:15:00", "type": "debiancve", "title": "CVE-2022-47655", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47655"], "modified": "2023-01-05T16:15:00", "id": "DEBIANCVE:CVE-2022-47655", "href": "https://security-tracker.debian.org/tracker/CVE-2022-47655", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43252", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43252"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43252", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43252", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43250", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43250"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43250", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43250", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43241", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43241"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43241", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43241", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43253", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43253"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43253", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43253", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43235", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43235"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43235", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43235", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-24T10:10:13", "description": "An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T23:15:00", "type": "debiancve", "title": "CVE-2021-36408", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36408"], "modified": "2022-01-10T23:15:00", "id": "DEBIANCVE:CVE-2021-36408", "href": "https://security-tracker.debian.org/tracker/CVE-2021-36408", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43243", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43243"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43243", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43243", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21601", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21601"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21601", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21601", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43245", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43245"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43245", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43245", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43244", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43244"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43244", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43244", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43239", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43239"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43239", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43239", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43237", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43237"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43237", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43237", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43240", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43240"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43240", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43240", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21596", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21596", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21596", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21598", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21598"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21598", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21598", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43248", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43248"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43248", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43248", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21600", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21600"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21600", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21600", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21597", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21597"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21597", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21597", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43238", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43238"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43238", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43238", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43242", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43242"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43242", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43242", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:11:59", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "debiancve", "title": "CVE-2022-43236", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43236"], "modified": "2022-11-02T14:15:00", "id": "DEBIANCVE:CVE-2022-43236", "href": "https://security-tracker.debian.org/tracker/CVE-2022-43236", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21602", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21602"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21602", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21602", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21603", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21603"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21603", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21603", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:02", "description": "libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21606", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21606"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21606", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21606", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T14:56:01", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "debiancve", "title": "CVE-2020-21595", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21595"], "modified": "2021-09-16T22:15:00", "id": "DEBIANCVE:CVE-2020-21595", "href": "https://security-tracker.debian.org/tracker/CVE-2020-21595", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-05-23T15:34:52", "description": "There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-10T23:15:00", "type": "cve", "title": "CVE-2021-36409", "cwe": ["CWE-617"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36409"], "modified": "2023-02-16T03:11:00", "cpe": ["cpe:/o:debian:debian_linux:11.0", "cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2021-36409", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36409", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:34:56", "description": "A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T23:15:00", "type": "cve", "title": "CVE-2021-36410", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36410"], "modified": "2023-02-16T03:12:00", "cpe": ["cpe:/o:debian:debian_linux:11.0", "cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2021-36410", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36410", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:34:51", "description": "An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T23:15:00", "type": "cve", "title": "CVE-2021-36411", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36411"], "modified": "2023-02-16T03:34:00", "cpe": ["cpe:/o:debian:debian_linux:11.0", "cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2021-36411", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36411", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:30", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43249", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43249", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:15:02", "description": "Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-05T16:15:00", "type": "cve", "title": "CVE-2022-47655", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47655"], "modified": "2023-02-11T13:15:00", "cpe": ["cpe:/a:struktur:libde265:1.0.9", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-47655", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47655", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:29", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43250", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43250"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43250", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43250", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:29", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43252", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43252"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43252", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:28", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43241", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43241"], "modified": "2023-02-27T15:24:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43241", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43241", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:30", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43253", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43253"], "modified": "2023-02-27T15:26:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43253", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:27", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43235", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43235"], "modified": "2023-02-27T15:17:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43235", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43235", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:34:52", "description": "An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-10T23:15:00", "type": "cve", "title": "CVE-2021-36408", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36408"], "modified": "2023-02-16T03:10:00", "cpe": ["cpe:/o:debian:debian_linux:11.0", "cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2021-36408", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36408", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:29", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43243", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43243"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43243", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43243", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:26", "description": "libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21601", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21601"], "modified": "2023-02-11T13:15:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4"], "id": "CVE-2020-21601", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21601", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:29", "description": "Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43245", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43245"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43245", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43245", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:28", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43239", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43239"], "modified": "2023-02-27T15:23:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43239", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:29", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43244", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43244"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43244", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43244", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:28", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43237", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43237"], "modified": "2023-02-27T15:18:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43237", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43237", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:28", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43240", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43240"], "modified": "2023-02-27T15:24:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43240", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43240", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:24", "description": "libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21596", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596"], "modified": "2023-02-22T18:02:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2020-21596", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21596", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:25", "description": "libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21598", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21598"], "modified": "2023-02-22T18:02:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2020-21598", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21598", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:30", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43248", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43248"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43248", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43248", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:25", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21600", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21600"], "modified": "2023-02-11T13:15:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4"], "id": "CVE-2020-21600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21600", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:25", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21597", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21597"], "modified": "2023-02-22T18:02:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2020-21597", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21597", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:28", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43238", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43238"], "modified": "2023-02-27T15:23:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43238", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43238", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:33", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43236", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43236"], "modified": "2023-02-27T15:18:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43236", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43236", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:07:29", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "cve", "title": "CVE-2022-43242", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43242"], "modified": "2023-02-27T15:25:00", "cpe": ["cpe:/a:struktur:libde265:1.0.8", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-43242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43242", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:struktur:libde265:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:25", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21602", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21602"], "modified": "2023-02-11T13:15:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4"], "id": "CVE-2020-21602", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21602", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:26", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21603", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21603"], "modified": "2023-02-11T13:15:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4"], "id": "CVE-2020-21603", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21603", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:26", "description": "libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21606", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21606"], "modified": "2023-02-11T13:15:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4"], "id": "CVE-2020-21606", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21606", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:34:24", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-16T22:15:00", "type": "cve", "title": "CVE-2020-21595", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21595"], "modified": "2023-02-11T13:15:00", "cpe": ["cpe:/a:struktur:libde265:1.0.4"], "id": "CVE-2020-21595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21595", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:struktur:libde265:1.0.4:*:*:*:*:*:*:*"]}], "alpinelinux": [{"lastseen": "2023-01-26T01:13:40", "description": "There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-10T23:15:00", "type": "alpinelinux", "title": "CVE-2021-36409", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36409"], "modified": "2022-12-15T21:15:00", "id": "ALPINE:CVE-2021-36409", "href": "https://security.alpinelinux.org/vuln/CVE-2021-36409", "cvss": {}}, {"lastseen": "2023-06-09T09:05:06", "description": "A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2021-36410", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36410"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2021-36410", "href": "https://security.alpinelinux.org/vuln/CVE-2021-36410", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2021-36411", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36411"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2021-36411", "href": "https://security.alpinelinux.org/vuln/CVE-2021-36411", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-47655", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47655"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-47655", "href": "https://security.alpinelinux.org/vuln/CVE-2022-47655", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43249", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43249"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43249", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43249", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43250", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43250"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43250", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43250", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43252", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43252"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43252", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43252", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43253", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43253"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43253", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43253", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43241", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43241"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43241", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43241", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T00:25:30", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-02T14:15:00", "type": "alpinelinux", "title": "CVE-2022-43235", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-43235"], "modified": "2023-01-26T21:17:00", "id": "ALPINE:CVE-2022-43235", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43235", "cvss": {}}, {"lastseen": "2023-06-09T09:05:06", "description": "An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2021-36408", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36408"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2021-36408", "href": "https://security.alpinelinux.org/vuln/CVE-2021-36408", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43243", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43243"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43243", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43243", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21601", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21601"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21601", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21601", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43245", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43245"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43245", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43245", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43239", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43239"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43239", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43239", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43244", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43244"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43244", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43244", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43237", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43237"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43237", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43237", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43240", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43240"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43240", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43240", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21596", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21596"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21596", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21596", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21598", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21598"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21598", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21598", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43248", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43248"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43248", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43248", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21600", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21600"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21600", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21600", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21597", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21597"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21597", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21597", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43238", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43238"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43238", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43238", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43236", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43236"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43236", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43236", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2022-43242", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43242"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2022-43242", "href": "https://security.alpinelinux.org/vuln/CVE-2022-43242", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21602", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21602"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21602", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21602", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21603", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21603"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21603", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21603", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21606", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21606"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21606", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21606", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-09T09:05:06", "description": "libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-06-09T09:04:05", "type": "alpinelinux", "title": "CVE-2020-21595", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-21595"], "modified": "2023-06-09T09:04:05", "id": "ALPINE:CVE-2020-21595", "href": "https://security.alpinelinux.org/vuln/CVE-2020-21595", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}