1116 matches found
CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...
CVE-2026-49295
CVE-2026-49295 affects libde265. Before version 1.0.20, crafted H.265 bitstreams can trigger an out-of-bounds write in decoder_context::process_reference_picture_set() due to a missing aggregate bound check on predicted short-term reference picture set entries; while individual list sizes are che...
CVE-2026-49295
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
CVE-2026-49295
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
CVE-2026-49295 libde265 has an out-of-bounds write in process_reference_picture_set via predicted short-term RPS
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
CVE-2026-49337
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...
CVE-2026-49337
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...
CVE-2026-49337 libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...
CVE-2026-49337
CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...
Astra Linux – Vulnerability in libde265
The Buffer Overflow vulnerability in the strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service through the slicesegmentheader function in the slice.cc component...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.14 contains a heap-buffer-overflow vulnerability in the derivecombinedbipredictivemergingcandidates function at motion.cc...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.14 contains a global buffer overflow vulnerability in the readcodingunit function at slice.cc...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of mcchroma in the motion.cc library. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted video file...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the ffhevcputhevcqpelh2v1sse function in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a crafted video file...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of putqpel00fallback16 in the fallback-motion.cc file. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted video file...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of unsigned short in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a crafted video file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the mcchroma function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the ffhevcputunweightedpred8sse function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the de265image::availablezscan function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a stack buffer overflow in the putqpelfallback function, which can be exploited through a specially crafted file...