Vendor CVEs
Strukturag
All CVEs
84 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32740 | Hig | 0.57 | 8.8 | 0.01 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap… | ||
| CVE-2026-41071 | Hig | 0.53 | 8.1 | 0.00 | May 22, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the… | ||
| CVE-2026-32882 | Hig | 0.46 | 7.1 | 0.00 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel… | ||
| CVE-2026-32741 | Hig | 0.46 | 7.1 | 0.00 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel… | ||
| CVE-2026-32814 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure,… | ||
| CVE-2026-32739 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no… | ||
| CVE-2026-32738 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX),… | ||
| CVE-2026-41069 | Med | 0.35 | 6.5 | 0.00 | May 22, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while… | ||
| CVE-2026-3950 | Low | 0.21 | 3.3 | 0.00 | Mar 11, 2026 | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is… | ||
| CVE-2026-3949 | Low | 0.21 | 3.3 | 0.00 | Mar 11, 2026 | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack… | ||
| CVE-2023-51792 | Low | 0.21 | 3.3 | 0.00 | Apr 19, 2024 | Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000. | ||
| CVE-2026-49346 | 0.00 | — | 0.00 | Jun 19, 2026 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the… | |||
| CVE-2026-49295 | 0.00 | — | 0.00 | Jun 19, 2026 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate… | |||
| CVE-2026-49337 | 0.00 | — | 0.00 | Jun 19, 2026 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object that has no active image… | |||
| CVE-2026-49271 | 0.00 | — | 0.00 | Jun 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then… | |||
| CVE-2026-33164 | 0.00 | — | 0.00 | Mar 20, 2026 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17. | |||
| CVE-2026-33165 | 0.00 | — | 0.00 | Mar 20, 2026 | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and… | |||
| CVE-2025-61147 | 0.00 | — | 0.00 | Feb 23, 2026 | strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). | |||
| CVE-2025-68431 | 0.00 | — | 0.00 | Dec 29, 2025 | libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped… | |||
| CVE-2025-43967 | 0.00 | — | 0.00 | Apr 20, 2025 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. | |||
| CVE-2025-43966 | 0.00 | — | 0.00 | Apr 20, 2025 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. | |||
| CVE-2025-29482 | 0.00 | — | 0.00 | Apr 7, 2025 | Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. | |||
| CVE-2024-41311 | 0.00 | — | 0.01 | Oct 15, 2024 | In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. | |||
| CVE-2024-38949 | 0.00 | — | 0.00 | Jun 26, 2024 | Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc | |||
| CVE-2024-38950 | 0.00 | — | 0.00 | Jun 26, 2024 | Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. | |||
| CVE-2024-25269 | 0.00 | — | 0.01 | Mar 5, 2024 | libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack. | |||
| CVE-2023-49467 | 0.00 | — | 0.01 | Dec 7, 2023 | Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. | |||
| CVE-2023-49468 | 0.00 | — | 0.01 | Dec 7, 2023 | Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. | |||
| CVE-2023-49462 | 0.00 | — | 0.01 | Dec 7, 2023 | libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. | |||
| CVE-2023-49460 | 0.00 | — | 0.01 | Dec 7, 2023 | libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. | |||
| CVE-2023-49464 | 0.00 | — | 0.01 | Dec 7, 2023 | libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. | |||
| CVE-2023-49465 | 0.00 | — | 0.01 | Dec 7, 2023 | Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. | |||
| CVE-2023-43887 | 0.00 | — | 0.01 | Nov 22, 2023 | Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. | |||
| CVE-2023-47471 | 0.00 | — | 0.01 | Nov 16, 2023 | Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. | |||
| CVE-2023-27103 | 0.00 | — | 0.01 | Mar 15, 2023 | Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. | |||
| CVE-2023-27102 | 0.00 | — | 0.01 | Mar 15, 2023 | Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. | |||
| CVE-2022-47664 | 0.00 | — | 0.00 | Mar 3, 2023 | Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse | |||
| CVE-2022-47665 | 0.00 | — | 0.00 | Mar 3, 2023 | Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) | |||
| CVE-2023-24756 | 0.00 | — | 0.00 | Mar 1, 2023 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||
| CVE-2023-24751 | 0.00 | — | 0.01 | Mar 1, 2023 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||
| CVE-2023-24758 | 0.00 | — | 0.00 | Mar 1, 2023 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||
| CVE-2023-24754 | 0.00 | — | 0.00 | Mar 1, 2023 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||
| CVE-2023-25221 | 0.00 | — | 0.00 | Mar 1, 2023 | Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. | |||
| CVE-2023-24755 | 0.00 | — | 0.00 | Mar 1, 2023 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||
| CVE-2023-24752 | 0.00 | — | 0.00 | Mar 1, 2023 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||
| CVE-2023-24757 | 0.00 | — | 0.00 | Mar 1, 2023 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||
| CVE-2023-0996 | 0.00 | — | 0.00 | Feb 24, 2023 | There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. | |||
| CVE-2022-47655 | 0.00 | — | 0.00 | Jan 5, 2023 | Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback | |||
| CVE-2022-43236 | 0.00 | — | 0.01 | Nov 2, 2022 | Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||
| CVE-2022-43238 | 0.00 | — | 0.01 | Nov 2, 2022 | Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. |
- risk 0.57cvss 8.8epss 0.01
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap…
- risk 0.53cvss 8.1epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the…
- risk 0.46cvss 7.1epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel…
- risk 0.46cvss 7.1epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel…
- risk 0.42cvss 6.5epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure,…
- risk 0.42cvss 6.5epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no…
- risk 0.42cvss 6.5epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX),…
- risk 0.35cvss 6.5epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack…
- risk 0.21cvss 3.3epss 0.00
Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.
- CVE-2026-49346Jun 19, 2026risk 0.00cvss —epss 0.00
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the…
- CVE-2026-49295Jun 19, 2026risk 0.00cvss —epss 0.00
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate…
- CVE-2026-49337Jun 19, 2026risk 0.00cvss —epss 0.00
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object that has no active image…
- CVE-2026-49271Jun 19, 2026risk 0.00cvss —epss 0.00
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then…
- CVE-2026-33164Mar 20, 2026risk 0.00cvss —epss 0.00
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.
- CVE-2026-33165Mar 20, 2026risk 0.00cvss —epss 0.00
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and…
- CVE-2025-61147Feb 23, 2026risk 0.00cvss —epss 0.00
strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().
- CVE-2025-68431Dec 29, 2025risk 0.00cvss —epss 0.00
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped…
- CVE-2025-43967Apr 20, 2025risk 0.00cvss —epss 0.00
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
- CVE-2025-43966Apr 20, 2025risk 0.00cvss —epss 0.00
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
- CVE-2025-29482Apr 7, 2025risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.
- CVE-2024-41311Oct 15, 2024risk 0.00cvss —epss 0.01
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
- CVE-2024-38949Jun 26, 2024risk 0.00cvss —epss 0.00
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc
- CVE-2024-38950Jun 26, 2024risk 0.00cvss —epss 0.00
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.
- CVE-2024-25269Mar 5, 2024risk 0.00cvss —epss 0.01
libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
- CVE-2023-49467Dec 7, 2023risk 0.00cvss —epss 0.01
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.
- CVE-2023-49468Dec 7, 2023risk 0.00cvss —epss 0.01
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
- CVE-2023-49462Dec 7, 2023risk 0.00cvss —epss 0.01
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
- CVE-2023-49460Dec 7, 2023risk 0.00cvss —epss 0.01
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
- CVE-2023-49464Dec 7, 2023risk 0.00cvss —epss 0.01
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
- CVE-2023-49465Dec 7, 2023risk 0.00cvss —epss 0.01
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.
- CVE-2023-43887Nov 22, 2023risk 0.00cvss —epss 0.01
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.
- CVE-2023-47471Nov 16, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.
- CVE-2023-27103Mar 15, 2023risk 0.00cvss —epss 0.01
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.
- CVE-2023-27102Mar 15, 2023risk 0.00cvss —epss 0.01
Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.
- CVE-2022-47664Mar 3, 2023risk 0.00cvss —epss 0.00
Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse
- CVE-2022-47665Mar 3, 2023risk 0.00cvss —epss 0.00
Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
- CVE-2023-24756Mar 1, 2023risk 0.00cvss —epss 0.00
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24751Mar 1, 2023risk 0.00cvss —epss 0.01
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24758Mar 1, 2023risk 0.00cvss —epss 0.00
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24754Mar 1, 2023risk 0.00cvss —epss 0.00
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-25221Mar 1, 2023risk 0.00cvss —epss 0.00
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.
- CVE-2023-24755Mar 1, 2023risk 0.00cvss —epss 0.00
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24752Mar 1, 2023risk 0.00cvss —epss 0.00
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-24757Mar 1, 2023risk 0.00cvss —epss 0.00
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
- CVE-2023-0996Feb 24, 2023risk 0.00cvss —epss 0.00
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
- CVE-2022-47655Jan 5, 2023risk 0.00cvss —epss 0.00
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback
- CVE-2022-43236Nov 2, 2022risk 0.00cvss —epss 0.01
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
- CVE-2022-43238Nov 2, 2022risk 0.00cvss —epss 0.01
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
Page 1 of 2