CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
15.5%
strukturag/libde265 is vulnerable to Denial of Service (DoS). The vulnerability is caused due to a lack of proper bounds checking when calculating memory allocation sizes within image.cc
. An attacker could manipulate the values to exceed the intended dimensions, leading to a buffer overflow and potentially a Denial of Service (DoS).
github.com/strukturag/libde265
github.com/strukturag/libde265/commit/221e767136b8c46c748ae35b79ec9b976b3da301
github.com/strukturag/libde265/issues/427
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/