
Debian 10: DLA-3240-1 Moderate Security Alert: Libde265 DoS Issue

Debian LTS
December 15, 2022
Important advisory on the ongoing vulnerabilities found in libde265 impacting Debian systems, strongly recommending immediate updates to ensure system integrity.
Multiple issues were found in libde265, an open source implementation of the H.265 video codec, which may result in denial of service or have unspecified other impact.

Summary


CVE-2020-21599

libde265 v1.0.4 contains a heap buffer overflow in the
de265_image::available_zscan function, which can be exploited via a crafted
file.

CVE-2021-35452

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to
a SEGV in slice.cc.

CVE-2021-36408

libde265 v1.0.8 contains a heap-use-after-free in intrapred.h when decoding
a file using dec265.

CVE-2021-36409

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at
sps.cc:925 in libde265 v1.0.8 when decoding a file, which allows attackers to
cause a Denial of Service (DoS) by running the application with a crafted
file or possibly have unspecified other impact.

CVE-2021-36410

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in
function put_epel_hv_fallback when running program dec265.

CVE-2021-36411

An issue has been found in libde265 v1.0.8 due to incorrect access control.



Severity: important

Package: libde265
Version: 1.0.3-1+deb10u1
CVE ID: CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409
Debian Bug: 1014977
