Lucene search
K

1116 matches found

Cvelist
Cvelist
added 2026/06/19 8:12 p.m.21 views

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00227EPSS
Exploits1References2
CVE
CVE
added 2026/06/19 8:9 p.m.24 views

CVE-2026-49295

CVE-2026-49295 affects libde265. Before version 1.0.20, crafted H.265 bitstreams can trigger an out-of-bounds write in decoder_context::process_reference_picture_set() due to a missing aggregate bound check on predicted short-term reference picture set entries; while individual list sizes are che...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:9 p.m.6 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/19 8:9 p.m.6 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/19 8:9 p.m.21 views

CVE-2026-49295 libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:53 p.m.8 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/19 7:53 p.m.6 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/19 7:53 p.m.19 views

CVE-2026-49337 libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:53 p.m.19 views

CVE-2026-49337

CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in libde265

The Buffer Overflow vulnerability in the strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service through the slicesegmentheader function in the slice.cc component...

6.5CVSS6.6AI score0.00766EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.14 contains a heap-buffer-overflow vulnerability in the derivecombinedbipredictivemergingcandidates function at motion.cc...

8.8CVSS6.4AI score0.00775EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.14 contains a global buffer overflow vulnerability in the readcodingunit function at slice.cc...

8.8CVSS6.7AI score0.00874EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of mcchroma in the motion.cc library. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted video file...

6.5CVSS6.6AI score0.00844EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the ffhevcputhevcqpelh2v1sse function in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a crafted video file...

6.5CVSS6.8AI score0.00844EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of putqpel00fallback16 in the fallback-motion.cc file. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted video file...

6.5CVSS6.8AI score0.00844EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of unsigned short in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a crafted video file...

6.5CVSS6.6AI score0.00844EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libde265

Libde265 v1.0.4 contains a heap buffer overflow in the mcchroma function, which can be exploited through a specially crafted file...

6.5CVSS6.9AI score0.01438EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libde265

Libde265 v1.0.4 contains a heap buffer overflow in the ffhevcputunweightedpred8sse function, which can be exploited through a specially crafted file...

8.8CVSS7.6AI score0.01687EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in libde265

Libde265 v1.0.4 contains a heap buffer overflow in the de265image::availablezscan function, which can be exploited through a specially crafted file...

6.5CVSS7AI score0.01337EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in libde265

Libde265 v1.0.4 contains a stack buffer overflow in the putqpelfallback function, which can be exploited through a specially crafted file...

6.5CVSS7AI score0.01019EPSS
Exploits1References2
Rows per page
Query Builder