Lucene search

RedosROS-20230320-02

HistoryMar 20, 2023 - 12:00 a.m.

ROS-20230320-02

2023-03-2000:00:00

redos.red-soft.ru

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.8%

JSON

A vulnerability in libde265 involves copying an input buffer to an output buffer without checking that the size of the input buffer is less than the size of the output buffer, resulting in a buffer overflow in the
of the input buffer is smaller than the output buffer, resulting in a buffer overflow in the
ff_hevc_put_hevc_qpel_pixels_8_sse. Exploitation of the vulnerability could allow an attacker to overflow the
the buffer.

The vulnerability in libde265 is related to the heap buffer overflow in de265_image::set_SliceAddrRS(int,
int, int). Exploitation of the vulnerability could allow an attacker to perform an out-of-bounds write.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64libde265<= 1.0.11-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	libde265	<= 1.0.11-1	UNKNOWN

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.8%

JSON

Related for ROS-20230320-02