19 matches found
JLSEC-2026-159
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
CVE-2026-33165
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
CVE-2026-33165
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
CVE-2026-33165
libde265 prior to v1.0.17 is affected by a heap out-of-bounds write triggered by a crafted HEVC bitstream. The root cause is a stale ctb_info.log2unitSize after an SPS change, where PicWidthInCtbsY and PicHeightInCtbsY remain constant while Log2CtbSizeY changes, causing set_SliceHeaderIndex to in...
CVE-2026-33165 heap out-of-bounds write in libde265 1.0.16
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
EUVD-2026-13812
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
CVE-2026-33165
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...
PT-2026-26678
Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.17 Description libde265 is an open source implementation of the h.265 video codec. A crafted HEVC bitstream can cause an out-of-bounds heap write. This occurs due to a stale ctb info.log2unitSize after an SPS...
CVE-2025-27091
OpenH264 decoding vulnerability (CVE-2025-27091) affects OpenH264 2.5.0 and earlier in both SVC and AVC modes. A race condition between SPS memory allocation and subsequent non-IDR NAL memory usage can enable a remote, unauthenticated attacker to trigger a heap overflow by delivering a crafted bi...
CVE-2022-48434
libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
DEBIAN-CVE-2018-7752
GPAC through 0.7.1 has a Buffer Overflow in the gfmediaavcreadsps function in mediatools/avparsers.c, a different vulnerability than CVE-2018-1000100...
UBUNTU-CVE-2016-3828
decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28835995...
DEBIAN-CVE-2015-8217
The ffhevcparsesps function in libavcodec/hevcps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted High Efficiency Video Coding HEVC da...
DEBIAN-CVE-2014-9319
The ffhevcdecodenalsps function in libavcodec/hevcps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds access via a crafted .bit file...
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
This module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file specifically the Sequence Parameter Set, Flash will see if picordercnttype is equal to 1, which sets the numrefframesinpicordercntcycle field, and then blindly copies data in...
Adobe Flash Player MP4 Sequence Parameter Set Processing
Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...
Adobe Flash Player MP4 Sequence Parameter Set Processing
Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...
Adobe Flash Player MP4 Sequence Parameter Set Processing
Added: 02/09/2012 CVE: CVE-2011-2140 BID: 49083 OSVDB: 74439 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player Sub1005B396 function allows command execution when a user opens a specially crafted .swf file...
Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...