Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6617-1
HistoryJan 30, 2024 - 12:00 a.m.

libde265 vulnerabilities

2024-01-3000:00:00
ubuntu.com
7
ubuntu
libde265
h.265 video codec
denial of service
arbitrary code
memory management
out of bounds
cve-2020-21594
cve-2020-21595
cve-2020-21596
cve-2020-21597
cve-2020-21598
cve-2020-21599
cve-2020-21600
cve-2020-21601
cve-2020-21602
cve-2020-21603
cve-2020-21604
cve-2020-21605
cve-2020-21606
cve-2021-36408

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.3%

JSON

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • libde265 - Open H.265 video codec implementation

Details

It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2020-21594)

It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2020-21595, CVE-2020-21596,
CVE-2020-21599, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602,
CVE-2020-21603, CVE-2020-21604, CVE-2020-21605)

It was discovered that libde265 did not properly manage memory. If a user
or automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-21597, CVE-2020-21598, CVE-2020-21606, CVE-2021-36408)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlibde265-0< 1.0.4-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibde265-0-dbgsym< 1.0.4-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibde265-dev< 1.0.4-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibde265-examples< 1.0.4-1ubuntu0.1UNKNOWN
Ubuntu20.04noarchlibde265-examples-dbgsym< 1.0.4-1ubuntu0.1UNKNOWN
Ubuntu18.04noarchlibde265-0< 1.0.2-2ubuntu0.18.04.1~esm1UNKNOWN
Ubuntu18.04noarchlibde265-0< 1.0.2-2build1UNKNOWN
Ubuntu18.04noarchlibde265-0-dbgsym< 1.0.2-2build1UNKNOWN
Ubuntu18.04noarchlibde265-dev< 1.0.2-2build1UNKNOWN
Ubuntu18.04noarchlibde265-examples< 1.0.2-2build1UNKNOWN
Rows per page:
1-10 of 171

Related

nessus 6
openvas 6
osv 19
freebsd 1
debian 3
mageia 1
prion 14
cnvd 14
cve 14
ubuntucve 14
alpinelinux 14
veracode 9
debiancve 14
cloudfoundry 1
ubuntu 1
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : libde265 vulnerabilities (USN-6617-1)
2024-01-30 00:00:00
FreeBSD : libde256 -- multiple vulnerabilities (421c0af9-b206-11ed-9fe5-f4a47516fb57)
2023-02-21 00:00:00
Debian DSA-5346-1 : libde265 - security update
2023-02-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6617-1)
2024-01-31 00:00:00
Debian: Security Advisory (DLA-3240-1)
2022-12-16 00:00:00
Debian: Security Advisory (DSA-5346-1)
2023-02-12 00:00:00
osv
osv
libde265 vulnerabilities
2024-01-30 14:17:08
libde265 - security update
2022-12-15 00:00:00
libde265 - security update
2023-02-10 00:00:00
freebsd
freebsd
libde256 -- multiple vulnerabilities
2023-01-27 00:00:00
debian
debian
[SECURITY] [DSA 5346-1] libde265 security update
2023-02-10 19:38:07
[SECURITY] [DLA 3240-1] libde265 security update
2022-12-15 18:13:59
[SECURITY] [DLA 3280-1] libde265 security update
2023-01-24 22:20:48
mageia
mageia
Updated libde265 packages fix security vulnerability
2023-03-19 01:16:28
prion
prion
Stack overflow
2021-09-16 22:15:00
Heap overflow
2021-09-16 22:15:00
Buffer overflow
2021-09-16 22:15:00
cnvd
cnvd
libde265 Global Buffer Overflow Vulnerability
2021-09-17 00:00:00
libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78430)
2021-09-17 00:00:00
libde265 Stack Buffer Overflow Vulnerability (CNVD-2021-78433)
2021-09-17 00:00:00
cve
cve
CVE-2020-21596
2021-09-16 22:15:00
CVE-2020-21597
2021-09-16 22:15:00
CVE-2020-21602
2021-09-16 22:15:00
ubuntucve
ubuntucve
CVE-2020-21596
2021-09-16 00:00:00
CVE-2020-21603
2021-09-16 00:00:00
CVE-2020-21601
2021-09-16 00:00:00
alpinelinux
alpinelinux
CVE-2020-21596
2021-09-16 22:15:00
CVE-2020-21598
2021-09-16 22:15:00
CVE-2020-21601
2021-09-16 22:15:00
veracode
veracode
Denial Of Service (DoS)
2023-02-12 09:25:30
Denial Of Service (DoS)
2021-09-17 04:33:36
Denial Of Service (DoS)
2023-02-11 17:54:34
debiancve
debiancve
CVE-2020-21598
2021-09-16 22:15:00
CVE-2020-21596
2021-09-16 22:15:00
CVE-2020-21601
2021-09-16 22:15:00
cloudfoundry
cloudfoundry
USN-6627-1: libde265 vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
ubuntu
ubuntu
libde265 vulnerabilities
2024-02-08 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.3%

JSON
Related for USN-6617-1
nessus6openvas6osv19freebsd1debian3mageia1prion14cnvd14cve14ubuntucve14alpinelinux14veracode9debiancve14cloudfoundry1ubuntu1