CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24757
https://notcve.org/view.php?id=CVE-2023-24757
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. • https://github.com/strukturag/libde265/issues/385 https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24752
https://notcve.org/view.php?id=CVE-2023-24752
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. • https://github.com/strukturag/libde265/issues/378 https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0996
https://notcve.org/view.php?id=CVE-2023-0996
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. • https://github.com/strukturag/libheif/pull/759 https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47655
https://notcve.org/view.php?id=CVE-2022-47655
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> Libde265 1.0.9 es vulnerable al desbordamiento del búfer en la función void put_qpel_fallback • https://github.com/strukturag/libde265/issues/367 https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html https://www.debian.org/security/2023/dsa-5346 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43244
https://notcve.org/view.php?id=CVE-2022-43244
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. Se descubrió que Libde265 v1.0.8 contenía una vulnerabilidad de desbordamiento del búfer a través de put_qpel_fallback en fallback-motion.cc. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo de vídeo manipulado. • https://github.com/strukturag/libde265/issues/342 https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html https://www.debian.org/security/2023/dsa-5346 • CWE-787: Out-of-bounds Write •