Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 23.10 USN-6764-1 Moderate: libde265 Denial of Service Issue

ubuntu
Calendar Grey May 7, 2024
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-6765-1: libpng could be exploited through crafted images. Prompt installation of patches advised.
libde265 could be made to crash if it opened a specially crafted file.

Summary

libde265 could be made to crash if it opened a specially crafted

file.

Software Description:

- libde265: Open H.265 video codec implementation

Details:

It was discovered that libde265 could be made to allocate memory that

exceeds the maximum supported size. If a user or automated system were

tricked into opening a specially crafted file, an attacker could possibly

use this issue to cause a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
   libde265-0                      1.0.12-2ubuntu0.2

Ubuntu 22.04 LTS
   libde265-0                      1.0.8-1ubuntu0.3+esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libde265-0                      1.0.4-1ubuntu0.4+esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   libde265-0                      1.0.2-2ubuntu0.18.04.1~esm5
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libde265-0                      1.0.2-2ubuntu0.16.04.1~esm5
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6764-1

  CVE-2023-51792

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6764-1

Package Information

  https://launchpad.net/ubuntu/+source/libde265/1.0.12-2ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here