UBUNTU-CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

SUSE CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

EUVD-2026-36295

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

gst-plugins-bad 缓冲区错误漏洞

gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability. This vulnerability stems from the H.265 codec parser library using incorrect loop boundaries when parsing SEI messages during the buffer period. As a result, the CPB values allocated for the stack...

Linux Distros Unpatched Vulnerability : CVE-2025-52293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

PT-2026-48158

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A segmentation violation occurs in the gf hevc read sps bs internal function within the media tools/av parsers.c file. This issue allows attackers to cause a Denial of Service DoS by providing specially...

CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

Ubuntu 16.04 LTS / 18.04 LTS : GStreamer Bad Plugins vulnerabilities (USN-8205-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8205-1 advisory. It was discovered that multiple plugins in GStreamer contained arithmetic overflows. An attacker could possibly use this issue to cause...

ALPINE-CVE-2026-33164

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...

EUVD-2026-12121

GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

Structure AG Libde265 安全漏洞

Structure AG Libde265 is a h.265 video codec developed by the German company Structure AG. There is a security vulnerability in Structure AG Libde265, which stems from a segmentation violation in the decoder context::computeframedroptable component...

H.265/HEVC Video Steganalysis Based on CU Block Structure Gradients and IPM Mapping

Existing H.265/HEVC video steganalysis research mainly focuses on statistical feature modeling at the levels of motion vectors MV, intra prediction modes IPM, or transform coefficients. In contrast, studies targeting the coding-structure level - especially the analysis of block-level steganograph...

MGASA-2025-0264 Updated gstreamer1.0-plugins-bad packages fix security vulnerability

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2025-3887...

gstreamer1-plugins-bad-free: mingw-gstreamer1-plugins-bad-free: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A flaw was found in GStreamer H265 Codec Parsing gstreamer1-plugins-bad-free. This vulnerability allows remote attackers to execute arbitrary code by parsing H265 slice headers...

gstreamer1-plugins-bad-free: mingw-gstreamer1-plugins-bad-free: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A flaw was found in GStreamer H265 Codec Parsing gstreamer1-plugins-bad-free. This vulnerability allows remote attackers to execute arbitrary code by parsing H265 slice headers...

GStreamer 安全漏洞

GStreamer is a GStreamer open source set of frameworks for processing streaming media. A security vulnerability exists in GStreamer that stems from not properly validating the data length when parsing H265 slice headers, which could lead to remote code execution...

SUSE CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

UBUNTU-CVE-2024-35921

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed i...

The vulnerability of the read_coding_unit function (slice.cc) in the h.265 Libde265 video codec implementation, which allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the readcodingunit function slice.cc in the h.265 Libde265 video codec implementation is related to the output of operations that occur outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to influence the confidentiality, integrity, and...

The vulnerability of the put_weighted_pred_avg_16_fallback() function (fallback-motion.cc) in the implementation of the h.265 Libde265 video codec allows a perpetrator to trigger a service failure.

The vulnerability of the putweightedpredavg16fallback function in the fallback-motion.cc implementation of the h.265 Libde265 codec is related to the occurrence of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to trigger a service...