Skip to main content

Libde265

40 CVEs product

Monthly

CVE-2026-49346 HIGH PATCH This Week

Heap buffer overflow in libde265 prior to version 1.1.0 allows remote attackers to corrupt heap memory and likely achieve code execution by tricking a user into processing a crafted H.265 video stream. The flaw stems from a 32-bit signed integer overflow in plane allocation sizing that wraps to ~1 KB, after which fill_image() writes the true ~4 GB plane content into the undersized buffer. No public exploit identified at time of analysis, but the upstream commit (8a1b5cf) and GHSA-vv8h-932h-7r86 publicly document the exact overflow location.

Integer Overflow Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-49295 HIGH PATCH This Week

Out-of-bounds write in libde265 prior to version 1.0.20 allows remote attackers to corrupt memory by tricking a user into processing a maliciously crafted H.265 bitstream. The flaw resides in the short-term reference picture set handling and can lead to denial of service or potential code execution in any application that links libde265 for HEVC decoding. No public exploit identified at time of analysis, though the upstream patch and commit-level root-cause disclosure provide a clear roadmap for exploit development.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-49337 MEDIUM PATCH This Month

Unbounded heap growth in libde265 prior to version 1.0.20 allows remote attackers to exhaust process memory by delivering a crafted H.265 bitstream, resulting in denial of service. The flaw in `decoder_context::read_slice_NAL()` (decctx.cc:481) unconditionally attaches slice segment headers to finished picture objects regardless of whether an active image unit exists; in continuous streaming contexts these headers are never freed, enabling attacker-controlled memory accumulation without bound. No active exploitation is confirmed (not listed in CISA KEV) and no public POC has been identified at time of analysis, but the network-accessible, no-privileges-required vector makes any application consuming untrusted H.265 content an exposure surface.

Denial Of Service Libde265
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-33164 HIGH PATCH This Week

A malformed H.265 PPS (Picture Parameter Set) NAL unit in libde265 prior to version 1.0.17 triggers a segmentation fault in the pic_parameter_set::set_derived_values() function, causing denial of service. Any application using affected versions of libde265 to decode H.265 video streams is vulnerable to crash via specially crafted video files or streams. The vulnerability has been patched in version 1.0.17, and a GitHub security advisory documents the issue.

Buffer Overflow Heap Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33165 MEDIUM PATCH This Month

A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-61147 MEDIUM This Month

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). [CVSS 6.2 MEDIUM]

Buffer Overflow Libde265
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-38950 MEDIUM POC This Month

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38949 MEDIUM This Month

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-49468 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49467 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49465 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-43887 HIGH POC PATCH This Week

Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-47471 MEDIUM PATCH This Month

Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27103 HIGH POC This Week

Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-27102 MEDIUM POC This Month

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25221 HIGH POC This Week

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24758 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24757 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24756 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24755 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24754 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24752 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24751 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43253 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43252 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43250 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43249 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43248 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43245 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43244 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43243 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43242 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43241 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43240 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43239 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43238 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43237 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43236 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43235 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1253 CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libde265
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap buffer overflow in libde265 prior to version 1.1.0 allows remote attackers to corrupt heap memory and likely achieve code execution by tricking a user into processing a crafted H.265 video stream. The flaw stems from a 32-bit signed integer overflow in plane allocation sizing that wraps to ~1 KB, after which fill_image() writes the true ~4 GB plane content into the undersized buffer. No public exploit identified at time of analysis, but the upstream commit (8a1b5cf) and GHSA-vv8h-932h-7r86 publicly document the exact overflow location.

Integer Overflow Buffer Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds write in libde265 prior to version 1.0.20 allows remote attackers to corrupt memory by tricking a user into processing a maliciously crafted H.265 bitstream. The flaw resides in the short-term reference picture set handling and can lead to denial of service or potential code execution in any application that links libde265 for HEVC decoding. No public exploit identified at time of analysis, though the upstream patch and commit-level root-cause disclosure provide a clear roadmap for exploit development.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unbounded heap growth in libde265 prior to version 1.0.20 allows remote attackers to exhaust process memory by delivering a crafted H.265 bitstream, resulting in denial of service. The flaw in `decoder_context::read_slice_NAL()` (decctx.cc:481) unconditionally attaches slice segment headers to finished picture objects regardless of whether an active image unit exists; in continuous streaming contexts these headers are never freed, enabling attacker-controlled memory accumulation without bound. No active exploitation is confirmed (not listed in CISA KEV) and no public POC has been identified at time of analysis, but the network-accessible, no-privileges-required vector makes any application consuming untrusted H.265 content an exposure surface.

Denial Of Service Libde265
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A malformed H.265 PPS (Picture Parameter Set) NAL unit in libde265 prior to version 1.0.17 triggers a segmentation fault in the pic_parameter_set::set_derived_values() function, causing denial of service. Any application using affected versions of libde265 to decode H.265 video streams is vulnerable to crash via specially crafted video files or streams. The vulnerability has been patched in version 1.0.17, and a GitHub security advisory documents the issue.

Buffer Overflow Heap Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A remote code execution vulnerability in libde265 (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Memory Corruption Buffer Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). [CVSS 6.2 MEDIUM]

Buffer Overflow Libde265
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Libde265
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Libde265
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libde265
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Libde265
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libde265 Debian Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libde265
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy