- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3676-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
November 30, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libde265
Version        : 1.0.11-0+deb10u5
CVE ID         : CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471

Multiple issues were found in libde265, an open source implementation of the h.265 video codec.

CVE-2023-27102

    NULL pointer dereference in function decoder_context::process_slice_segment_header
    at decctx.cc.

CVE-2023-27103

    Heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

CVE-2023-43887

    Multiple buffer overflows via the num_tile_columns and num_tile_row parameters in
    the function pic_parameter_set::dump.

CVE-2023-47471

    Buffer overflow vulnerability in strukturag may cause a denial of service via
    the slice_segment_header function in the slice.cc component.

For Debian 10 buster, these problems have been fixed in version
1.0.11-0+deb10u5.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3676-1: libde265 security update

November 30, 2023
Multiple issues were found in libde265, an open source implementation of the h.265 video codec

Summary

CVE-2023-27102

NULL pointer dereference in function decoder_context::process_slice_segment_header
at decctx.cc.

CVE-2023-27103

Heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

CVE-2023-43887

Multiple buffer overflows via the num_tile_columns and num_tile_row parameters in
the function pic_parameter_set::dump.

CVE-2023-47471

Buffer overflow vulnerability in strukturag may cause a denial of service via
the slice_segment_header function in the slice.cc component.

For Debian 10 buster, these problems have been fixed in version
1.0.11-0+deb10u5.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : libde265
Version : 1.0.11-0+deb10u5
CVE ID : CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo