60 matches found
CVE-2023-27103
CVE-2023-27103 affects libde265 v1.0.11. A heap buffer overflow is triggered in the function derive_collocated_motion_vectors in motion.cc. Impact described in Debian advisory: potential denial of service or execution of arbitrary code. Available fixes include Debian 1.0.11-0+deb10u5 and vendor a...
CVE-2022-1253
CVE-2022-1253 affects strukturg/libde265. It is a heap-based buffer overflow in the H.265 codec prior to 1.0.8. A fix was established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but has not yet been released officially. Debian security advisory DSA-5346-1 lists CVE-2022-1253 among fixed is...
CVE-2020-21597
CVE-2020-21597 affects the libde265 library. The provided documents describe a heap buffer overflow in the mc_chroma function of libde265 v1.0.4, exploitable via a crafted file. In practice, this can trigger a crash or DoS via malicious media files. Public advisories (Debian DSA-5346-1, Debian LT...
CVE-2021-36408
Libde265 vulnerability CVE-2021-36408 affects libde265 v1.0.8, with a Heap-use-after-free in intrapred.h during dec265 file decoding. Connected advisories confirm impact on multiple distributions and vendor bulletins indicate that fixes exist in newer libde265 releases (e.g., 1.0.11+ in Debian/Ub...
CVE-2022-43242
Libde265 v1.0.8 contains a heap-buffer-overflow in mc_luma (motion.cc), enabling DoS via a crafted video file (CVE-2022-43242). Affects libde265 (H.265 codec). Remediation: upgrade to libde265 1.0.11 or newer (per Debian/Ubuntu Gentoo advisories and related disclosures).
CVE-2020-21594
CVE-2020-21594 affects libde265, specifically a heap buffer overflow in the put_epel_hv_fallback function of version 1.0.4. Multiple connected advisories confirm this vulnerability and its remediation path. The issue can be triggered by processing a crafted media file, leading to potential denial...
CVE-2020-21602
CVE-2020-21602 affects libde265, specifically version 1.0.4, which contains a heap buffer overflow in the function put_weighted_bipred_16_fallback. The vulnerability can be triggered by processing a specially crafted file. Multiple connected advisories confirm the issue and link to downstream fix...
CVE-2022-43236
Libde265 v1.0.8 contains a stack-buffer-overflow via put_qpel_fallback in fallback-motion.cc, enabling DoS with a crafted video file. Debian advisory DSA-5346-1 fixes this by upgrading libde265 to 1.0.11; monitor for updates from affected vendors (Astra/CLOUD Foundry entries also reference this C...
CVE-2022-43237
Libde265 v1.0.8 contains a stack-buffer-overflow via void put_epel_hv_fallback in fallback-motion.cc, enabling DoS via a crafted video file. Evidence appears in multiple advisories (Debian DSA 5346-1; Cloud Foundry USN-6627-1; Gentoo GLSA 202408-20) and in Astra/FreeBSD security notes. Remediatio...
CVE-2020-21596
CVE-2020-21596 affects libde265 1.0.4, with a global buffer overflow in the decode_CABAC_bit function. A crafted file can exploit this, and multiple sources report potential denial of service outcomes (and related issues in the family of libde265 CVEs). Public technical details in connected docum...
CVE-2022-43244
Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc, enabling DoS through a crafted video file. Affected component: libde265 (H.265 codec). Root cause: heap-buffer overflow in fallback-motion.cc. Impact: Denial of Service; no exploitation deta...
CVE-2020-21599
CVE-2020-21599 affects libde265 version 1.0.4, with a heap buffer overflow in the de265_image::available_zscan function that can be triggered by a crafted file. The connected sources corroborate this vulnerability and its association with libde265’s H.265 decode path. Remediation is to upgrade to...
CVE-2022-43243
Libde265 v1.0.8 contains a heap-buffer-overflow via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc, enabling Denial of Service with a crafted video file. Multiple connected advisories document this CVE and recommend upgrading libde265 to fixed releases (e.g., through Debian/DLA-3280-1, Clou...
CVE-2020-21598
CVE-2020-21598 affects libde265 v1.0.4, where a heap buffer overflow in ff_hevc_put_unweighted_pred_8_sse can be triggered by a crafted file. Public advisories (e.g., Debian/DLA-3280-1 and Gentoo GLSA) indicate upgrading libde265 to 1.0.11 or newer to remediate. Other connected sources reiterate ...
CVE-2021-36410
CVE-2021-36410 is a stack-buffer-overflow in the libde265 H.265 codec library (v1.0.8) triggered via fallback-motion.cc in put_epel_hv_fallback when running dec265. Public records indicate multiple advisories recommending upgrading libde265 to a newer release (e.g., 1.0.11 or later): Debian DSA-5...
CVE-2022-47655
CVE-2022-47655 affects libde265 1.0.9, vulnerable to a buffer overflow in the template-instantiated function put_qpel_fallback. CVSS v3.1 base score 7.8 (HIGH) with LOCAL attack vector, no privileges required, user interaction required, and impact on confidentiality, integrity, and availability. ...
CVE-2022-43239
CVE-2022-43239 affects libde265 v1.0.8, where a heap-buffer-overflow in mc_chroma (motion.cc) can cause Denial of Service via a crafted video file. The connected advisories/documentation confirm the same root cause and indicate the issue has been addressed by upstream fixes in later libde265 vers...
CVE-2022-43250
CVE-2022-43250 affects libde265 v1.0.8. A heap-buffer-overflow in put_qpel_0_0_fallback_16 (fallback-motion.cc) can allow a crafted video file to trigger a Denial of Service. Connected advisories confirm multiple vendors require upgrades to newer libde265 releases to mitigate, e.g. Debian DSA-534...
CVE-2022-43252
CVE-2022-43252 affects libde265 v1.0.8 and is a heap-buffer-overflow in put_epel_16_fallback (fallback-motion.cc), enabling DoS via a crafted video file. Publicly documented instances reference the issue across multiple OS advisories (Debian DSA 5346-1 for Debian, USN 6627-1 for Cloud Foundry, Ge...
CVE-2022-43253
CVE-2022-43253 affects Libde265 v1.0.8 and describes a heap-buffer-overflow in fallback-motion.cc: put_unweighted_pred_16_fallback, leading to Denial of Service via a crafted video file. Connected sources corroborate the same issue across multiple advisories and trackers. Public details specify t...
CVE-2021-35452
CVE-2021-35452 affects libde265 v1.0.8, with an Incorrect Access Control vulnerability caused by a SEGV in slice.cc. Exploitation could lead to denial of service and, in some advisories, potential arbitrary code execution via crafted media files. Public details in connected documents indicate rem...
CVE-2020-21600
Summary of CVE-2020-21600 : libde265 version 1.0.4 contains a heap buffer overflow in the function put_weighted_pred_avg_16_fallback. This can be exploited via a crafted file, potentially leading to denial of service or arbitrary code execution per publicly referenced notes. Public advisories acr...
CVE-2020-21601
CVE-2020-21601 affects libde265 version 1.0.4 and describes a stack buffer overflow in the put_qpel_fallback function exploitable via a crafted file. Public/affecting documents corroborate this vulnerability in libde265 1.0.4. Remediation across connected sources specifies upgrading to libde265 1...
CVE-2021-36411
CVE-2021-36411 affects libde265 v1.0.8, with a root cause in incorrect access control causing a segmentation fault (SEGV) from a READ memory access in derive_boundaryStrength (deblock.cc). This leads to a remote denial of service via application crash. Publicly documented impact is DoS potential;...
CVE-2022-43240
CVE-2022-43240 affects libde265 v1.0.8 and is described as a heap-buffer-overflow in ff_hevc_put_hevc_qpel_h_2_v_1_sse within sse-motion.cc, leading to potential Denial of Service via crafted video files. Multiple connected sources corroborate the same vulnerability and scope across distributions...
CVE-2022-43249
Libde265 1.0.8 contains a heap-buffer-overflow in put_epel_hv_fallback (fallback-motion.cc), enabling DoS via a crafted video file. Affected software/version: libde265 v1.0.8. Root cause and impact are as described in multiple connected advisories, which consistently cite Denial of Service when p...
CVE-2023-27102
CVE-2023-27102 affects libde265 v1.0.11. A segmentation violation is triggered in decoder_context::process_slice_segment_header (decctx.cc). Public references describe potential denial of service, with network-attack exposure per CVSS and related advisories. Ubuntu/USN-6677-1 and Debian/ DLA-3676...
CVE-2022-43248
CVE-2022-43248 affects libde265 v1.0.8. A heap-buffer-overflow via put_weighted_pred_avg_16_fallback in fallback-motion.cc allows a crafted video file to trigger a Denial of Service. Publicly documented details appear in multiple advisories (Debian, Gentoo, Cloud Foundry, etc.). Remediation: upgr...
CVE-2022-43241
CVE-2022-43241 affects Libde265 v1.0.8 and is described as an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc, enabling Denial of Service through a crafted video file. Technical details across connected docs confirm the vulnerability is tied to the H.265 libde265 implementation...
CVE-2022-43238
CVE-2022-43238 affects Libde265 v1.0.8 and is due to an unknown crash in ff_hevc_put_hevc_qpel_h_3_v_3_sse within sse-motion.cc, allowing DoS via a crafted video file. Public advisoriesconfirm a DoS impact; several vendors advise upgrading. Remediation (examples): upgrade to libde265 1.0.11+ (Deb...
CVE-2022-43245
CVE-2022-43245 affects libde265 v1.0.8 and is a segmentation fault in apply_sao_internal (sao.cc) that enables Denial of Service via a crafted video file. Public documents tie this to multiple distributions and advisories (Debian DSA 5346-1, USN/LTS notes, Gentoo GLSA, AstraLinux, Alpine Linux, F...
CVE-2020-21604
CVE-2020-21604 affects libde265 v1.0.4, with a heap buffer overflow in the _mm_loadl_epi64 function. The vulnerability can be triggered by a crafted file, potentially causing denial of service. Advisories (Debian, Alpine, Gentoo) instruct upgrading to libde265-1.0.11 or newer. If you rely on libd...
CVE-2020-21603
CVE-2020-21603 affects libde265 v1.0.4, with a heap buffer overflow in the put_qpel_0_0_fallback_16 function that can be exploited via a crafted file. Documents from Debian and Gentoo indicate multiple vendors have patched libde265 and advise upgrading to a fixed release (e.g., Debian’s 1.0.11 an...
CVE-2020-21606
CVE-2020-21606 affects libde265 v1.0.4, with a heap buffer overflow in the put_epel_16_fallback function. The vulnerability can be exploited by processing a specially crafted file, as noted across multiple sources. Public references describe the issue consistently as a heap-based overflow in libd...
CVE-2021-36409
CVE-2021-36409 affects libde265 (v1.0.8) and is caused by an Assertion failure scaling_list_pred_matrix_id_delta==1 in sps.cc:925, which can lead to Denial of Service when decoding a crafted file. Multiple connected sources confirm the same issue and indicate DoS potential (and possible unspecifi...
CVE-2020-21595
CVE-2020-21595 affects libde265 v1.0.4, with a heap buffer overflow in the mc_luma function exploitable by crafted files. Public entries reference libde265 fixes (1.0.11) via Debian security advisories and Gentoo GLSA; Astra/Linux and CNVD entries corroborate the same issue. No exploit details or...
CVE-2020-21605
CVE-2020-21605 affects libde265 v1.0.4, where a segmentation fault in the apply_sao_internal function can be triggered by processing a crafted file, potentially enabling a denial-of-service. Connected advisories corroborate the issue and point to multiple distributions addressing it by upgrading ...
CVE-2022-47665
CVE-2022-47665 concerns a heap buffer overflow in libde265 1.0.9, specifically in de265_image::set_SliceAddrRS(int, int, int). Multiple vendor advisories confirm the issue and indicate that upgrading to libde265 1.0.11 or newer mitigates/fixes the vulnerability (e.g., Gentoo GLSA 2024-08-20, Mage...
CVE-2023-25221
CVE-2023-25221 affects libde265 v1.0.10, with a heap-buffer-overflow in derive_spatial_luma_vector_prediction (motion.cc). The vulnerability is tracked across multiple advisories and Debian notes, with the issue fixed in libde265-1.0.11 (per Debian DLA-3352-1) and showcased in Mageia's update to ...
CVE-2023-24752
libde265 v1.0.10 is affected by a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function (sse-motion.cc), enabling DoS via a crafted input file. This CVE is documented in multiple sources (e.g., Debian DLA-3352-1) and is addressed by upgrading to a fixed release (e.g., libde2...
CVE-2023-24757
CVE-2023-24757 affects libde265 v1.0.10 and is caused by a NULL pointer dereference in the put_unweighted_pred_16_fallback function (fallback-motion.cc), leading to Denial of Service via a crafted input file. Multiple vendor advisories (Debian DLA-3352-1, Mageia MGASA-2023-0093) and Gentoo GLSA r...
CVE-2023-24751
CVE-2023-24751 affects libde265 v1.0.10, with a NULL pointer dereference in mc_chroma (motion.cc) leading to Denial of Service via crafted input. Public advisories (e.g., Debian DLA-3352-1) fix this by upgrading to libde265 1.0.11 (and related package updates). Other connected sources (Astra Linu...
CVE-2023-24755
CVE-2023-24755 concerns libde265 v1.0.10, where a NULL pointer dereference in the function put_weighted_pred_8_fallback (fallback-motion.cc) allows a crafted input file to trigger a Denial of Service. Public advisories confirm the issue and list v1.0.11 as the fix (e.g., Debian DLA-3352-1). Remed...
CVE-2023-24754
CVE-2023-24754 affects libde265 v1.0.10. The vulnerability is a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function (sse-motion.cc), enabling Denial of Service via a crafted input file. Connected advisories confirm the same issue and indicate remediation: upgrade to newer...
CVE-2023-24756
CVE-2023-24756 affects libde265 v1.0.10 with a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function (sse-motion.cc), enabling Denial of Service via crafted input files. Debian’s DLA-3352-1 notes a fix to v1.0.11; Mageia also references an updated libde265 (v1.0.11). Other co...
CVE-2022-47664
CVE-2022-47664 relates to libde265 1.0.9, where a buffer overflow occurs in the function ff_hevc_put_hevc_qpel_pixels_8_sse. The issue is reachable locally and requires user interaction, with high impact on confidentiality, integrity, and availability as indicated by CVSS v3.1 metrics. Public adv...
CVE-2022-43235
CVE-2022-43235 — libde265 heap-buffer-overflow . Libde265 v1.0.8 contains a heap-buffer-overflow in the function set by ff_hevc_put_hevc_epel_pixels_8_sse (sse-motion.cc), which can cause a Denial of Service when processing a crafted video file. The vulnerability is reported across multiple advis...
CVE-2023-43887
CVE-2023-43887 affects Libde265, with v1.0.12 containing multiple buffer overflows in pic_parameter_set::dump triggered by num_tile_columns and num_tile_row. Connected sources corroborate broader libde265 issues and note related CVEs (27102, 27103, 47471, 49465, 49467, 49468). Public details spec...
CVE-2023-24758
CVE-2023-24758 affects libde265 (v1.0.10) and is a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function (sse-motion.cc), leading to a Denial of Service via crafted input. Multiple connected sources confirm the same issue and point to a fix in newer libde265 releases (e.g.,...
CVE-2024-38949
CVE-2024-38949 describes a Heap Buffer Overflow in Libde265 v1.0.15, caused by a crafted payload that triggers the display444as420 function in sdl.cc, leading to application crash. Multiple connected sources confirm the same flaw across various databases (NVD/Nessus/Veracode/etc.). The provided d...