Lucene search
+L

27 matches found

NVD
NVD
added 2026/06/19 9:17 p.m.14 views

CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00227EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/19 8:12 p.m.27 views

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00227EPSS
Exploits1References2
OSV
OSV
added 2026/06/19 8:12 p.m.3 views

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS6AI score0.00227EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51028

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.1.0 Description An open source implementation of the h.265 video codec contains a signed integer overflow in the de265 image get buffer function. This occurs when processing a crafted H.265 bitstream with 16-bit bi...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References9
Debian CVE
Debian CVE
added 2026/06/11 6:15 p.m.10 views

CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.7AI score0.00228EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/11 6:15 p.m.42 views

CVE-2026-53702 Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48158

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A segmentation violation occurs in the gf hevc read sps bs internal function within the media tools/av parsers.c file. This issue allows attackers to cause a Denial of Service DoS by providing specially...

7.5CVSS5.2AI score0.00467EPSS
Exploits1References5
OSV
OSV
added 2026/06/09 12:0 a.m.4 views

CVE-2025-52293

A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...

7.5CVSS5.9AI score0.00467EPSS
Exploits1References4
OSV
OSV
added 2026/04/20 7:31 p.m.11 views

JLSEC-2026-159

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5CVSS5.6AI score0.00232EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.13 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/20 8:32 p.m.4 views

EUVD-2026-13812

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/20 8:32 p.m.6 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.2AI score0.00232EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/20 8:32 p.m.5 views

CVE-2026-33165 heap out-of-bounds write in libde265 1.0.16

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3
CVE
CVE
added 2026/03/20 8:32 p.m.28 views

CVE-2026-33165

libde265 prior to v1.0.17 is affected by a heap out-of-bounds write triggered by a crafted HEVC bitstream. The root cause is a stale ctb_info.log2unitSize after an SPS change, where PicWidthInCtbsY and PicHeightInCtbsY remain constant while Log2CtbSizeY changes, causing set_SliceHeaderIndex to in...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/20 8:32 p.m.3 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26678

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.17 Description libde265 is an open source implementation of the h.265 video codec. A crafted HEVC bitstream can cause an out-of-bounds heap write. This occurs due to a stale ctb info.log2unitSize after an SPS...

5.5CVSS5.8AI score0.00232EPSS
Exploits1References19
CVE
CVE
added 2025/02/20 5:50 p.m.108 views

CVE-2025-27091

OpenH264 decoding vulnerability (CVE-2025-27091) affects OpenH264 2.5.0 and earlier in both SVC and AVC modes. A race condition between SPS memory allocation and subsequent non-IDR NAL memory usage can enable a remote, unauthenticated attacker to trigger a heap overflow by delivering a crafted bi...

8.6CVSS6.9AI score0.00639EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/03/29 5:15 p.m.3 views

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

8.1CVSS7AI score0.01512EPSS
Exploits1References9
OSV
OSV
added 2018/03/07 11:29 p.m.5 views

DEBIAN-CVE-2018-7752

GPAC through 0.7.1 has a Buffer Overflow in the gfmediaavcreadsps function in mediatools/avparsers.c, a different vulnerability than CVE-2018-1000100...

7.8CVSS8.3AI score0.01525EPSS
Exploits0References1
OSV
OSV
added 2016/08/05 8:59 p.m.4 views

UBUNTU-CVE-2016-3828

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28835995...

5.5CVSS6.5AI score0.00574EPSS
Exploits0References4
Rows per page
Query Builder