Published: 16/09/2021 Updated: 22/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
struktur libde265 1.0.4
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #1004963 CVE-2020-21598 CVE-2020-21600 CVE-2020-21602 Package: src:libde265; Maintainer for src:libde265 is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 4 Feb 2022 12:18:02 UTC Severity: grave Tags: security, ...

Multiple security issues were discovered in libde265, an implementation of the H265 video codec which may result in denial of service and potentially the execution of arbitrary code if a malformed media file is processed For the stable distribution (bullseye), these problems have been fixed in version 1011-0+deb11u1 We recommend that you upgra ...

libde265 v104 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file ...

CWE-787 https://github.com/strukturag/libde265/issues/237 https://cwe.mitre.org/data/definitions/122.html https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html https://www.debian.org/security/2023/dsa-5346 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004963 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5346

CVE-2020-21598

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect