65 matches found
CVE-2026-49346
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...
CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...
PT-2026-51028
Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.1.0 Description An open source implementation of the h.265 video codec contains a signed integer overflow in the de265 image get buffer function. This occurs when processing a crafted H.265 bitstream with 16-bit bi...
CVE-2026-53702 Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...
CVE-2026-53702
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...
PT-2026-48158
Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A segmentation violation occurs in the gf hevc read sps bs internal function within the media tools/av parsers.c file. This issue allows attackers to cause a Denial of Service DoS by providing specially...
MongoDB Server 日志信息泄露漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server where log information may be leaked...
CVE-2026-46344 liboqs: Heap-buffer-overflow in XMSS verification path via OID-controlled parameter mismatch (xmss_commons.c:194)
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
CVE-2026-46344
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
CVE-2026-46344 liboqs: Heap-buffer-overflow in XMSS verification path via OID-controlled parameter mismatch (xmss_commons.c:194)
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.12 contains multiple buffer overflows due to vulnerabilities in the numtilecolumns and numtilerow parameters of the picparameterset::dump function...
JLSEC-2026-158
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...
JLSEC-2026-159
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
CVE-2026-33165
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the setderivedvalues function of the picparameterset component when processing a malformed H.265 PPS NAL unit. An attacker can cause a segmentation fault and crash the application by supplying specially...
CVE-2026-33164
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...
ALPINE-CVE-2026-33164
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...
CVE-2026-33164
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...
EUVD-2026-13810
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...
CVE-2026-33164
libde265 prior to version 1.0.17 is vulnerable to a segmentation fault caused by a malformed H.265 PPS NAL unit in pic_parameter_set::set_derived_values(). The issue has a fix in version 1.0.17, which patches the fault. Affected component is the libde265 H.265 decoder; impact is a crash/segmentat...