JLSEC-2026-158

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...

Important: libde265

Issue Overview: libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17. CVE-2026-33164 libde265 is an open source...

CVE-2024-34667

Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...

EUVD-2024-34966

Malicious code in bioql PyPI...

ROS-20250625-01

Vulnerability of ffhevcputweightedpredavg8sse function of h.265 Libde265 video codec implementation is related to operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a specially crafted vid...

ROS-20250624-12

Vulnerability of putqpelfallback function fallback-motion.cc of h.265 video codec implementation Libde265 is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the mcchroma function...

[SECURITY] [DLA 4219-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4219-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk June 17, 2025 https://wiki.debian.org/LTS -...

Debian dla-4219 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4219 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4219-1 [email protected] https://www.debian.org/lts/security/...

[SECURITY] [DSA 5941-1] gst-plugins-bad1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5941-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2025 https://www.debian.org/security/faq -...

CVE-2024-34667

Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...

CVE-2024-34667

Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability...

libde265: Multiple Vulnerabilities

Background Open h.265 video codec implementation. Description Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

Libde265 Security Vulnerability

Structure AG Libde265 is an h.265 video codec from Structure AG, Germany. A security vulnerability exists in Libde265 version v1.0.15, which stems from a buffer overflow issue in the interceptormemcpy function, which could lead to a crash...

RLSA-2024:3060 Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 gstreamer-plugins-bad:...

Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2024-3060)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3060 advisory. - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow - Patch CVE-2023-40476: Integer overflow in H.265 video parser Tenabl...

gstreamer1-plugins-bad-free security update

1.16.1-4.0.1 - Update origin URL Orabug: 36209826 1.16.1-4 - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow - Patch CVE-2023-40476: Integer overflow in H.265 video parser - Resolves: RHEL-19500, RHEL-19504, RHEL-19507 1.16.1-3 - Bump to avoid conflict with z strea...

Moderate: Red Hat Security Advisory: gstreamer1-plugins-bad-free security update

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2024:3060 Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...