Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 728
Alerts This Week
Warning Icon 1 728

Ubuntu 22.04 LTS USN-6659-1 Critical Libde265 Denial Of Service

ubuntu
Calendar Grey February 26, 2024
Dist Ubuntu Esm H88
Important patches for libde265 resolve various vulnerabilities and possible denial of service risks in Ubuntu 22.04 and prior versions.
Several security issues were fixed in libde265.

Summary

Several security issues were fixed in libde265.

Software Description:

- libde265: Open H.265 video codec implementation

Details:

It was discovered that libde265 could be made to write out of bounds. If a

user or automated system were tricked into opening a specially crafted

file, an attacker could possibly use this issue to cause a denial of

service or execute arbitrary code. (CVE-2022-43244, CVE-2022-43249,

CVE-2022-43250, CVE-2022-47665, CVE-2023-25221)

It was discovered that libde265 could be made to read out of bounds. If a

user or automated system were tricked into opening a specially crafted

file, an attacker could possibly use this issue to cause a denial of

service. (CVE-2022-43245)

It was discovered that libde265 could be made to dereference invalid

memory. If a user or automated system were tricked into opening a specially

crafted file, an attacker could possibly use this issue to cause a denial

of service. (CVE-2023-24751, CVE-2023-24752, CVE-2...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   libde265-0                      1.0.8-1ubuntu0.2

Ubuntu 20.04 LTS:
   libde265-0                      1.0.4-1ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libde265-0                      1.0.2-2ubuntu0.18.04.1~esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libde265-0                      1.0.2-2ubuntu0.16.04.1~esm3

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6659-1

  CVE-2022-43244, CVE-2022-43245, CVE-2022-43249, CVE-2022-43250,

  CVE-2022-47665, CVE-2023-24751, CVE-2023-24752, CVE-2023-24754,

  CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758,

  CVE-2023-25221

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6659-1

Package Information

  https://launchpad.net/ubuntu/+source/libde265/1.0.8-1ubuntu0.2
 

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.