Astra Linux - уязвимость в libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereferencing issue in the mcchroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...

@amoy/common v was discovered to contain a prototype pollution via the function extend

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39003

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38994

amoy common (amoyjs) v1.0.10 is affected by a prototype pollution vulnerability in the extend function. Attackers can craft arguments with a proto property to alter object prototypes, potentially leading to arbitrary code execution or Denial of Service. Mitigation notes from PT Security suggest d...

CVE-2024-38994

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39003

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38994

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39003

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2023-24758

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ffhevcputweightedpredavg8sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input file...

CVE-2023-24751

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mcchroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input file...

CVE-2023-24755

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the putweightedpred8fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input file...

CVE-2023-24757

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the putunweightedpred16fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input file...

CVE-2023-25221

CVE-2023-25221 affects libde265 v1.0.10, with a heap-buffer-overflow in derive_spatial_luma_vector_prediction (motion.cc). The vulnerability is tracked across multiple advisories and Debian notes, with the issue fixed in libde265-1.0.11 (per Debian DLA-3352-1) and showcased in Mageia's update to ...

CVE-2023-25221

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derivespatiallumavectorprediction function in motion.cc...

libde265 代码问题漏洞

Libde265 is a German h.265 video codec. A security vulnerability exists in libde265 version v1.0.10, which stems from a NULL pointer dereference issue found in the ffhevcputweightedpredavg8sse method of the sse-motion.cc file...

CVE-2023-25221

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derivespatiallumavectorprediction function in motion.cc...

CVE-2023-24751

CVE-2023-24751 affects libde265 v1.0.10, with a NULL pointer dereference in mc_chroma (motion.cc) leading to Denial of Service via crafted input. Public advisories (e.g., Debian DLA-3352-1) fix this by upgrading to libde265 1.0.11 (and related package updates). Other connected sources (Astra Linu...

CVE-2023-24754

CVE-2023-24754 affects libde265 v1.0.10. The vulnerability is a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function (sse-motion.cc), enabling Denial of Service via a crafted input file. Connected advisories confirm the same issue and indicate remediation: upgrade to newer...

CVE-2023-24756

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ffhevcputunweightedpred8sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input file...