Lucene search
K
StrukturLibde265

60 matches found

CVE
CVE
added 2023/03/15 12:0 a.m.146 views

CVE-2023-27103

CVE-2023-27103 affects libde265 v1.0.11. A heap buffer overflow is triggered in the function derive_collocated_motion_vectors in motion.cc. Impact described in Debian advisory: potential denial of service or execution of arbitrary code. Available fixes include Debian 1.0.11-0+deb10u5 and vendor a...

8.8CVSS8.7AI score0.0085EPSS
CVE
CVE
added 2022/04/06 12:0 a.m.134 views

CVE-2022-1253

CVE-2022-1253 affects strukturg/libde265. It is a heap-based buffer overflow in the H.265 codec prior to 1.0.8. A fix was established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but has not yet been released officially. Debian security advisory DSA-5346-1 lists CVE-2022-1253 among fixed is...

9.8CVSS8.5AI score0.0202EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.121 views

CVE-2020-21597

CVE-2020-21597 affects the libde265 library. The provided documents describe a heap buffer overflow in the mc_chroma function of libde265 v1.0.4, exploitable via a crafted file. In practice, this can trigger a crash or DoS via malicious media files. Public advisories (Debian DSA-5346-1, Debian LT...

6.5CVSS7.2AI score0.01547EPSS
CVE
CVE
added 2022/01/10 12:0 a.m.121 views

CVE-2021-36408

Libde265 vulnerability CVE-2021-36408 affects libde265 v1.0.8, with a Heap-use-after-free in intrapred.h during dec265 file decoding. Connected advisories confirm impact on multiple distributions and vendor bulletins indicate that fixes exist in newer libde265 releases (e.g., 1.0.11+ in Debian/Ub...

5.5CVSS5.5AI score0.00835EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.120 views

CVE-2022-43242

Libde265 v1.0.8 contains a heap-buffer-overflow in mc_luma (motion.cc), enabling DoS via a crafted video file (CVE-2022-43242). Affects libde265 (H.265 codec). Remediation: upgrade to libde265 1.0.11 or newer (per Debian/Ubuntu Gentoo advisories and related disclosures).

6.5CVSS7.3AI score0.00856EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.117 views

CVE-2020-21594

CVE-2020-21594 affects libde265, specifically a heap buffer overflow in the put_epel_hv_fallback function of version 1.0.4. Multiple connected advisories confirm this vulnerability and its remediation path. The issue can be triggered by processing a crafted media file, leading to potential denial...

6.5CVSS7.2AI score0.0122EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.115 views

CVE-2020-21602

CVE-2020-21602 affects libde265, specifically version 1.0.4, which contains a heap buffer overflow in the function put_weighted_bipred_16_fallback. The vulnerability can be triggered by processing a specially crafted file. Multiple connected advisories confirm the issue and link to downstream fix...

6.5CVSS7.2AI score0.01438EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.115 views

CVE-2022-43236

Libde265 v1.0.8 contains a stack-buffer-overflow via put_qpel_fallback in fallback-motion.cc, enabling DoS with a crafted video file. Debian advisory DSA-5346-1 fixes this by upgrading libde265 to 1.0.11; monitor for updates from affected vendors (Astra/CLOUD Foundry entries also reference this C...

6.5CVSS7.3AI score0.00856EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.115 views

CVE-2022-43237

Libde265 v1.0.8 contains a stack-buffer-overflow via void put_epel_hv_fallback in fallback-motion.cc, enabling DoS via a crafted video file. Evidence appears in multiple advisories (Debian DSA 5346-1; Cloud Foundry USN-6627-1; Gentoo GLSA 202408-20) and in Astra/FreeBSD security notes. Remediatio...

6.5CVSS7.3AI score0.00856EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.113 views

CVE-2020-21596

CVE-2020-21596 affects libde265 1.0.4, with a global buffer overflow in the decode_CABAC_bit function. A crafted file can exploit this, and multiple sources report potential denial of service outcomes (and related issues in the family of libde265 CVEs). Public technical details in connected docum...

6.5CVSS7.2AI score0.01492EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.113 views

CVE-2022-43244

Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc, enabling DoS through a crafted video file. Affected component: libde265 (H.265 codec). Root cause: heap-buffer overflow in fallback-motion.cc. Impact: Denial of Service; no exploitation deta...

6.5CVSS6.4AI score0.00844EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.112 views

CVE-2020-21599

CVE-2020-21599 affects libde265 version 1.0.4, with a heap buffer overflow in the de265_image::available_zscan function that can be triggered by a crafted file. The connected sources corroborate this vulnerability and its association with libde265’s H.265 decode path. Remediation is to upgrade to...

6.5CVSS7.2AI score0.01438EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.112 views

CVE-2022-43243

Libde265 v1.0.8 contains a heap-buffer-overflow via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc, enabling Denial of Service with a crafted video file. Multiple connected advisories document this CVE and recommend upgrading libde265 to fixed releases (e.g., through Debian/DLA-3280-1, Clou...

6.5CVSS7.3AI score0.00844EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.111 views

CVE-2020-21598

CVE-2020-21598 affects libde265 v1.0.4, where a heap buffer overflow in ff_hevc_put_unweighted_pred_8_sse can be triggered by a crafted file. Public advisories (e.g., Debian/DLA-3280-1 and Gentoo GLSA) indicate upgrading libde265 to 1.0.11 or newer to remediate. Other connected sources reiterate ...

8.8CVSS8.5AI score0.01814EPSS
CVE
CVE
added 2022/01/10 12:0 a.m.110 views

CVE-2021-36410

CVE-2021-36410 is a stack-buffer-overflow in the libde265 H.265 codec library (v1.0.8) triggered via fallback-motion.cc in put_epel_hv_fallback when running dec265. Public records indicate multiple advisories recommending upgrading libde265 to a newer release (e.g., 1.0.11 or later): Debian DSA-5...

5.5CVSS5.5AI score0.00859EPSS
CVE
CVE
added 2023/01/05 12:0 a.m.110 views

CVE-2022-47655

CVE-2022-47655 affects libde265 1.0.9, vulnerable to a buffer overflow in the template-instantiated function put_qpel_fallback. CVSS v3.1 base score 7.8 (HIGH) with LOCAL attack vector, no privileges required, user interaction required, and impact on confidentiality, integrity, and availability. ...

7.8CVSS7.3AI score0.00385EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.109 views

CVE-2022-43239

CVE-2022-43239 affects libde265 v1.0.8, where a heap-buffer-overflow in mc_chroma (motion.cc) can cause Denial of Service via a crafted video file. The connected advisories/documentation confirm the same root cause and indicate the issue has been addressed by upstream fixes in later libde265 vers...

6.5CVSS7.3AI score0.00844EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.109 views

CVE-2022-43250

CVE-2022-43250 affects libde265 v1.0.8. A heap-buffer-overflow in put_qpel_0_0_fallback_16 (fallback-motion.cc) can allow a crafted video file to trigger a Denial of Service. Connected advisories confirm multiple vendors require upgrades to newer libde265 releases to mitigate, e.g. Debian DSA-534...

6.5CVSS6.4AI score0.00844EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.108 views

CVE-2022-43252

CVE-2022-43252 affects libde265 v1.0.8 and is a heap-buffer-overflow in put_epel_16_fallback (fallback-motion.cc), enabling DoS via a crafted video file. Publicly documented instances reference the issue across multiple OS advisories (Debian DSA 5346-1 for Debian, USN 6627-1 for Cloud Foundry, Ge...

6.5CVSS7.3AI score0.00844EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.108 views

CVE-2022-43253

CVE-2022-43253 affects Libde265 v1.0.8 and describes a heap-buffer-overflow in fallback-motion.cc: put_unweighted_pred_16_fallback, leading to Denial of Service via a crafted video file. Connected sources corroborate the same issue across multiple advisories and trackers. Public details specify t...

6.5CVSS7.3AI score0.00844EPSS
CVE
CVE
added 2022/01/10 12:0 a.m.107 views

CVE-2021-35452

CVE-2021-35452 affects libde265 v1.0.8, with an Incorrect Access Control vulnerability caused by a SEGV in slice.cc. Exploitation could lead to denial of service and, in some advisories, potential arbitrary code execution via crafted media files. Public details in connected documents indicate rem...

6.5CVSS6.3AI score0.01321EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.106 views

CVE-2020-21600

Summary of CVE-2020-21600 : libde265 version 1.0.4 contains a heap buffer overflow in the function put_weighted_pred_avg_16_fallback. This can be exploited via a crafted file, potentially leading to denial of service or arbitrary code execution per publicly referenced notes. Public advisories acr...

6.5CVSS7.2AI score0.01438EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.106 views

CVE-2020-21601

CVE-2020-21601 affects libde265 version 1.0.4 and describes a stack buffer overflow in the put_qpel_fallback function exploitable via a crafted file. Public/affecting documents corroborate this vulnerability in libde265 1.0.4. Remediation across connected sources specifies upgrading to libde265 1...

6.5CVSS7.2AI score0.01096EPSS
CVE
CVE
added 2022/01/10 12:0 a.m.106 views

CVE-2021-36411

CVE-2021-36411 affects libde265 v1.0.8, with a root cause in incorrect access control causing a segmentation fault (SEGV) from a READ memory access in derive_boundaryStrength (deblock.cc). This leads to a remote denial of service via application crash. Publicly documented impact is DoS potential;...

5.5CVSS5.5AI score0.01155EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.105 views

CVE-2022-43240

CVE-2022-43240 affects libde265 v1.0.8 and is described as a heap-buffer-overflow in ff_hevc_put_hevc_qpel_h_2_v_1_sse within sse-motion.cc, leading to potential Denial of Service via crafted video files. Multiple connected sources corroborate the same vulnerability and scope across distributions...

6.5CVSS7.3AI score0.00844EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.105 views

CVE-2022-43249

Libde265 1.0.8 contains a heap-buffer-overflow in put_epel_hv_fallback (fallback-motion.cc), enabling DoS via a crafted video file. Affected software/version: libde265 v1.0.8. Root cause and impact are as described in multiple connected advisories, which consistently cite Denial of Service when p...

6.5CVSS6.4AI score0.00844EPSS
CVE
CVE
added 2023/03/15 12:0 a.m.105 views

CVE-2023-27102

CVE-2023-27102 affects libde265 v1.0.11. A segmentation violation is triggered in decoder_context::process_slice_segment_header (decctx.cc). Public references describe potential denial of service, with network-attack exposure per CVSS and related advisories. Ubuntu/USN-6677-1 and Debian/ DLA-3676...

6.5CVSS7.2AI score0.0067EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.104 views

CVE-2022-43248

CVE-2022-43248 affects libde265 v1.0.8. A heap-buffer-overflow via put_weighted_pred_avg_16_fallback in fallback-motion.cc allows a crafted video file to trigger a Denial of Service. Publicly documented details appear in multiple advisories (Debian, Gentoo, Cloud Foundry, etc.). Remediation: upgr...

6.5CVSS7.3AI score0.00844EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.102 views

CVE-2022-43241

CVE-2022-43241 affects Libde265 v1.0.8 and is described as an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc, enabling Denial of Service through a crafted video file. Technical details across connected docs confirm the vulnerability is tied to the H.265 libde265 implementation...

6.5CVSS7.3AI score0.00844EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.101 views

CVE-2022-43238

CVE-2022-43238 affects Libde265 v1.0.8 and is due to an unknown crash in ff_hevc_put_hevc_qpel_h_3_v_3_sse within sse-motion.cc, allowing DoS via a crafted video file. Public advisoriesconfirm a DoS impact; several vendors advise upgrading. Remediation (examples): upgrade to libde265 1.0.11+ (Deb...

6.5CVSS7.3AI score0.00856EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.101 views

CVE-2022-43245

CVE-2022-43245 affects libde265 v1.0.8 and is a segmentation fault in apply_sao_internal (sao.cc) that enables Denial of Service via a crafted video file. Public documents tie this to multiple distributions and advisories (Debian DSA 5346-1, USN/LTS notes, Gentoo GLSA, AstraLinux, Alpine Linux, F...

6.5CVSS6.4AI score0.00844EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.99 views

CVE-2020-21604

CVE-2020-21604 affects libde265 v1.0.4, with a heap buffer overflow in the _mm_loadl_epi64 function. The vulnerability can be triggered by a crafted file, potentially causing denial of service. Advisories (Debian, Alpine, Gentoo) instruct upgrading to libde265-1.0.11 or newer. If you rely on libd...

6.5CVSS7.2AI score0.01057EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.98 views

CVE-2020-21603

CVE-2020-21603 affects libde265 v1.0.4, with a heap buffer overflow in the put_qpel_0_0_fallback_16 function that can be exploited via a crafted file. Documents from Debian and Gentoo indicate multiple vendors have patched libde265 and advise upgrading to a fixed release (e.g., Debian’s 1.0.11 an...

6.5CVSS7.2AI score0.01057EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.96 views

CVE-2020-21606

CVE-2020-21606 affects libde265 v1.0.4, with a heap buffer overflow in the put_epel_16_fallback function. The vulnerability can be exploited by processing a specially crafted file, as noted across multiple sources. Public references describe the issue consistently as a heap-based overflow in libd...

6.5CVSS7.2AI score0.01096EPSS
CVE
CVE
added 2022/01/10 12:0 a.m.93 views

CVE-2021-36409

CVE-2021-36409 affects libde265 (v1.0.8) and is caused by an Assertion failure scaling_list_pred_matrix_id_delta==1 in sps.cc:925, which can lead to Denial of Service when decoding a crafted file. Multiple connected sources confirm the same issue and indicate DoS potential (and possible unspecifi...

7.8CVSS7.9AI score0.00897EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.92 views

CVE-2020-21595

CVE-2020-21595 affects libde265 v1.0.4, with a heap buffer overflow in the mc_luma function exploitable by crafted files. Public entries reference libde265 fixes (1.0.11) via Debian security advisories and Gentoo GLSA; Astra/Linux and CNVD entries corroborate the same issue. No exploit details or...

6.5CVSS7.2AI score0.01096EPSS
CVE
CVE
added 2021/09/16 12:0 a.m.88 views

CVE-2020-21605

CVE-2020-21605 affects libde265 v1.0.4, where a segmentation fault in the apply_sao_internal function can be triggered by processing a crafted file, potentially enabling a denial-of-service. Connected advisories corroborate the issue and point to multiple distributions addressing it by upgrading ...

6.5CVSS6.9AI score0.01008EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.83 views

CVE-2022-47665

CVE-2022-47665 concerns a heap buffer overflow in libde265 1.0.9, specifically in de265_image::set_SliceAddrRS(int, int, int). Multiple vendor advisories confirm the issue and indicate that upgrading to libde265 1.0.11 or newer mitigates/fixes the vulnerability (e.g., Gentoo GLSA 2024-08-20, Mage...

7.8CVSS7.6AI score0.00325EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.82 views

CVE-2023-25221

CVE-2023-25221 affects libde265 v1.0.10, with a heap-buffer-overflow in derive_spatial_luma_vector_prediction (motion.cc). The vulnerability is tracked across multiple advisories and Debian notes, with the issue fixed in libde265-1.0.11 (per Debian DLA-3352-1) and showcased in Mageia's update to ...

7.8CVSS7.3AI score0.00333EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.79 views

CVE-2023-24752

libde265 v1.0.10 is affected by a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function (sse-motion.cc), enabling DoS via a crafted input file. This CVE is documented in multiple sources (e.g., Debian DLA-3352-1) and is addressed by upgrading to a fixed release (e.g., libde2...

5.5CVSS5.4AI score0.00292EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.78 views

CVE-2023-24757

CVE-2023-24757 affects libde265 v1.0.10 and is caused by a NULL pointer dereference in the put_unweighted_pred_16_fallback function (fallback-motion.cc), leading to Denial of Service via a crafted input file. Multiple vendor advisories (Debian DLA-3352-1, Mageia MGASA-2023-0093) and Gentoo GLSA r...

5.5CVSS5.4AI score0.00292EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.75 views

CVE-2023-24751

CVE-2023-24751 affects libde265 v1.0.10, with a NULL pointer dereference in mc_chroma (motion.cc) leading to Denial of Service via crafted input. Public advisories (e.g., Debian DLA-3352-1) fix this by upgrading to libde265 1.0.11 (and related package updates). Other connected sources (Astra Linu...

6.5CVSS6AI score0.00774EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.74 views

CVE-2023-24755

CVE-2023-24755 concerns libde265 v1.0.10, where a NULL pointer dereference in the function put_weighted_pred_8_fallback (fallback-motion.cc) allows a crafted input file to trigger a Denial of Service. Public advisories confirm the issue and list v1.0.11 as the fix (e.g., Debian DLA-3352-1). Remed...

5.5CVSS5.4AI score0.00292EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.73 views

CVE-2023-24754

CVE-2023-24754 affects libde265 v1.0.10. The vulnerability is a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function (sse-motion.cc), enabling Denial of Service via a crafted input file. Connected advisories confirm the same issue and indicate remediation: upgrade to newer...

5.5CVSS5.4AI score0.00292EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.72 views

CVE-2023-24756

CVE-2023-24756 affects libde265 v1.0.10 with a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function (sse-motion.cc), enabling Denial of Service via crafted input files. Debian’s DLA-3352-1 notes a fix to v1.0.11; Mageia also references an updated libde265 (v1.0.11). Other co...

5.5CVSS5.4AI score0.00292EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.71 views

CVE-2022-47664

CVE-2022-47664 relates to libde265 1.0.9, where a buffer overflow occurs in the function ff_hevc_put_hevc_qpel_pixels_8_sse. The issue is reachable locally and requires user interaction, with high impact on confidentiality, integrity, and availability as indicated by CVSS v3.1 metrics. Public adv...

7.8CVSS7.3AI score0.00312EPSS
CVE
CVE
added 2022/11/02 12:0 a.m.69 views

CVE-2022-43235

CVE-2022-43235 — libde265 heap-buffer-overflow . Libde265 v1.0.8 contains a heap-buffer-overflow in the function set by ff_hevc_put_hevc_epel_pixels_8_sse (sse-motion.cc), which can cause a Denial of Service when processing a crafted video file. The vulnerability is reported across multiple advis...

6.5CVSS7.3AI score0.00825EPSS
CVE
CVE
added 2023/11/22 12:0 a.m.66 views

CVE-2023-43887

CVE-2023-43887 affects Libde265, with v1.0.12 containing multiple buffer overflows in pic_parameter_set::dump triggered by num_tile_columns and num_tile_row. Connected sources corroborate broader libde265 issues and note related CVEs (27102, 27103, 47471, 49465, 49467, 49468). Public details spec...

8.1CVSS8.1AI score0.00979EPSS
CVE
CVE
added 2023/03/01 12:0 a.m.64 views

CVE-2023-24758

CVE-2023-24758 affects libde265 (v1.0.10) and is a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function (sse-motion.cc), leading to a Denial of Service via crafted input. Multiple connected sources confirm the same issue and point to a fix in newer libde265 releases (e.g.,...

5.5CVSS5.4AI score0.00292EPSS
CVE
CVE
added 2024/06/26 12:0 a.m.62 views

CVE-2024-38949

CVE-2024-38949 describes a Heap Buffer Overflow in Libde265 v1.0.15, caused by a crafted payload that triggers the display444as420 function in sdl.cc, leading to application crash. Multiple connected sources confirm the same flaw across various databases (NVD/Nessus/Veracode/etc.). The provided d...

6.5CVSS6.6AI score0.00437EPSS
Total number of security vulnerabilities60