VYPR

Libde265

by Strukturag

CVEs (62)

  • CVE-2020-21596 | Med | Sep 16, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.

  • CVE-2020-21595 | Med | Sep 16, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file.

  • CVE-2020-21594 | Med | Sep 16, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file.

  • CVE-2023-24758 | Med | Mar 1, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

  • CVE-2023-24757 | Med | Mar 1, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

  • CVE-2023-24756 | Med | Mar 1, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

  • CVE-2023-24755 | Med | Mar 1, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

  • CVE-2023-24754 | Med | Mar 1, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

  • CVE-2023-24752 | Med | Mar 1, 2023
    risk 0.36 | cvss 5.5 | epss 0.00

    libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

  • CVE-2021-36411 | Med | Jan 10, 2022
    risk 0.36 | cvss 5.5 | epss 0.01

    An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of…

  • CVE-2021-36410 | Med | Jan 10, 2022
    risk 0.36 | cvss 5.5 | epss 0.01

    A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

  • CVE-2021-36408 | Med | Jan 10, 2022
    risk 0.36 | cvss 5.5 | epss 0.01

    An issue was discovered in libde265 v1.0.8. There is a heap-use-after-free in intrapred.h when decoding a file using dec265.

  • CVE-2023-51792 | Low | Apr 19, 2024
    risk 0.21 | cvss 3.3 | epss 0.00

    Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.

  • CVE-2026-49346 | Jun 19, 2026
    risk 0.00 | cvss | epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the…

  • CVE-2026-49295 | Jun 19, 2026
    risk 0.00 | cvss | epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate…

  • CVE-2026-49337 | Jun 19, 2026
    risk 0.00 | cvss | epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object that has no active image…

  • CVE-2026-33164 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.

  • CVE-2026-33165 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and…

  • CVE-2025-61147 | Feb 23, 2026
    risk 0.00 | cvss | epss 0.00

    strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().

  • CVE-2023-43887 | Hig | Nov 22, 2023
    risk 0.00 | cvss 8.1 | epss 0.01

    Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.