CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 3 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-49337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes...

4.3CVSS5.9AI score0.00194EPSS

Tenable Nessus•added 3 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-49295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in...

OSV•added 5 days ago•8 views

DEBIAN-CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS

Exploits0References1

OSV•added 5 days ago•8 views

DEBIAN-CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

OSV•added 5 days ago•8 views

Exploits0References1

DEBIAN-CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

NVD•added 5 days ago•7 views

Exploits0References1

CVE-2026-49295

NVD•added 5 days ago•7 views

CVE-2026-49346

NVD•added 5 days ago•8 views

CVE-2026-49337

4.3CVSS0.00194EPSS

OSV•added 5 days ago•2 views

UBUNTU-CVE-2026-49295

7.1CVSS5.8AI score0.00184EPSS

Exploits0References3

OSV•added 5 days ago•2 views

UBUNTU-CVE-2026-49346

OSV•added 5 days ago•2 views

Exploits0References3

UBUNTU-CVE-2026-49337

4.3CVSS5.8AI score0.00194EPSS

Exploits0References3

ATTACKERKB•added 5 days ago•5 views

CVE-2026-49346

Exploits0References3Affected Software1

CVE•added 5 days ago•18 views

CVE-2026-49346

CVE-2026-49346 affects libde265 up to version 1.0.x; a crafted H.265 bitstream with large SPS dimensions and 16-bit depth triggers a signed integer overflow in de265_image_get_buffer(), causing an undersized allocation (~1 KB) but later writing ~4 GB due to size_t math in fill_image. This is fixe...

Debian CVE•added 5 days ago•5 views

CVE-2026-49346

Cvelist•added 5 days ago•20 views

Exploits0

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

Cvelist•added 5 days ago•18 views

CVE-2026-49295 libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS

ATTACKERKB•added 5 days ago•6 views

CVE-2026-49295

Exploits0References3Affected Software1

CVE•added 5 days ago•16 views

CVE-2026-49295

CVE-2026-49295 affects libde265. Before version 1.0.20, crafted H.265 bitstreams can trigger an out-of-bounds write in decoder_context::process_reference_picture_set() due to a missing aggregate bound check on predicted short-term reference picture set entries; while individual list sizes are che...

Debian CVE•added 5 days ago•4 views

CVE-2026-49295