
Debian 10: DLA-3676-1 Critical libde265 Denial Of Service Issues

debian lts
November 30, 2023
This libde265 update addresses a range of issues, including buffer overflow vulnerabilities and potential denial of service.
Multiple issues were found in libde265, an open source implementation of the h.265 video codec.

Summary

CVE-2023-27102

NULL pointer dereference in function decoder_context::process_slice_segment_header
at decctx.cc.

CVE-2023-27103

Heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

CVE-2023-43887

Multiple buffer overflows via the num_tile_columns and num_tile_row parameters in
the function pic_parameter_set::dump.

CVE-2023-47471

Buffer overflow vulnerability in strukturag may cause a denial of service via
the slice_segment_header function in the slice.cc component.

For Debian 10 buster, these problems have been fixed in version
1.0.11-0+deb10u5.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity: critical

Package: libde265
Version: 1.0.11-0+deb10u5
CVE ID: CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471
