Debian 10: DLA-3280-1 Critical: libde265 Denial Of Service Fix

Debian LTS
January 24, 2023
This update to libde265 in Debian 10 addresses severe denial of service vulnerabilities affecting video decoding.
Multiple issues were found in libde265, an open source implementation of the H.265 video codec, which may result in denial of service or have unspecified other impact.

Summary

CVE-2020-21596

libde265 v1.0.4 contains a global buffer overflow in the
decode_CABAC_bit function, which can be exploited via a crafted
file.

CVE-2020-21597

libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma
function, which can be exploited via a crafted file.

CVE-2020-21598

libde265 v1.0.4 contains a heap buffer overflow in the
ff_hevc_put_unweighted_pred_8_sse function, which can be exploited
via a crafted file.

CVE-2022-43235

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in
sse-motion.cc. This vulnerability allows attackers to cause a Denial
of Service (DoS) via a crafted video file.

CVE-2022-43236

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow
vulnerability via put_qpel_fallback in
fallback-motion.cc. This vulnerability allows attackers to cause a
Denial of Service (DoS) via a crafted video file.

CVE-2022-43237

Severity
critical

-------------------------------------------------------------------------
Package: libde265
Version: 1.0.3-1+deb10u2
CVE ID: CVE-2020-21596 CVE-2020-21597 CVE-2020-21598 CVE-2022-43235
Debian Bug: 1025816 1027179 1029357 1029397
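
To find hosts still running a build older than the fixed version above, the check below compares package versions using Debian's ordering rules, under which a suffix such as `+deb10u2` sorts after the bare revision. It is an added example, not part of the advisory; the inventory format, host names and sample rows are constructed assumptions, and on a Debian host itself `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

FIXED = "1.0.3-1+deb10u2"  # fixed libde265 version stated in the advisory

def _order(c):
    # dpkg character order: '~' sorts first, letters before other symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Alternating (non-digit run, number) pairs; 0 marks the end of each run
    return [([_order(c) for c in s] + [0], int(d or 0))
            for s, d in re.findall(r"(\D*)(\d*)", part)]

def _parse(v):
    # [epoch:]upstream[-revision]; a missing revision compares like "0"
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), upstream, rev

def compare(a, b):
    """Debian version ordering: negative if a < b, 0 if equal, positive if a > b."""
    ea, ua, ra = _parse(a)
    eb, ub, rb = _parse(b)
    if ea != eb:
        return ea - eb
    for x, y in ((ua, ub), (ra, rb)):
        for ka, kb in zip_longest(_key(x), _key(y), fillvalue=([0], 0)):
            if ka != kb:
                return -1 if ka < kb else 1
    return 0

def unpatched(inventory, source="libde265", fixed=FIXED):
    """Return (host, package, version) for entries older than the fixed version."""
    hits = []
    for line in inventory.strip().splitlines():
        host, pkg, src, ver = line.split()
        if src == source and compare(ver, fixed) < 0:
            hits.append((host, pkg, ver))
    return hits

# Constructed sample inventory: host, binary package, source package, version
SAMPLE = """
web01 libde265-0 libde265 1.0.3-1
web02 libde265-0 libde265 1.0.3-1+deb10u1
web03 libde265-0 libde265 1.0.3-1+deb10u2
web04 zlib1g zlib 1:1.2.11.dfsg-1
"""

if __name__ == "__main__":
    for hit in unpatched(SAMPLE):
        print("needs update:", *hit)
```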
