Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3240-1:DA04E
HistoryDec 15, 2022 - 6:13 p.m.

[SECURITY] [DLA 3240-1] libde265 security update

2022-12-1518:13:59
lists.debian.org
12
libde265
h.265
security update
cve-2020-21599
cve-2021-35452
denial of service
access control
heap buffer overflow
remote code execution
debian 10buster
debian lts

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.002

Percentile

56.8%

JSON

Debian LTS Advisory DLA-3240-1 [email protected]
https://www.debian.org/lts/security/ Tobias Frost
December 15, 2022 https://wiki.debian.org/LTS

Package : libde265
Version : 1.0.3-1+deb10u1
CVE ID : CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409
CVE-2021-36410 CVE-2021-36411
Debian Bug : 1014977

Multiple issues were found in libde265, an open source implementation of the
h.265 video codec, which may result in denial of or have unspecified other
impact.

CVE-2020-21599

libde265 v1.0.4 contains a heap buffer overflow in the
de265_image::available_zscan function, which can be exploited via a crafted
a file.

CVE-2021-35452

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to
a SEGV in slice.cc.

CVE-2021-36408

libde265 v1.0.8 contains a Heap-use-after-free in intrapred.h when decoding
file using dec265.

CVE-2021-36409

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at
sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to
cause a Denial of Service (DoS) by running the application with a crafted
file or possibly have unspecified other impact.

CVE-2021-36410

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in
function put_epel_hv_fallback when running program dec265.

CVE-2021-36411

An issue has been found in libde265 v1.0.8 due to incorrect access control.
A SEGV caused by a READ memory access in function derive_boundaryStrength of
deblock.cc has occurred. The vulnerability causes a segmentation fault and
application crash, which leads to remote denial of service.

For Debian 10 buster, these problems have been fixed in version
1.0.3-1+deb10u1.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian11arm64libde265-examples-dbgsym< 1.0.11-0+deb11u1libde265-examples-dbgsym_1.0.11-0+deb11u1_arm64.deb
Debian11mips64ellibde265-dev< 1.0.11-0+deb11u1libde265-dev_1.0.11-0+deb11u1_mips64el.deb
Debian10alllibde265< 1.0.3-1+deb10u1libde265_1.0.3-1+deb10u1_all.deb
Debian11armellibde265-examples-dbgsym< 1.0.11-0+deb11u1libde265-examples-dbgsym_1.0.11-0+deb11u1_armel.deb
Debian11mipsellibde265-dev< 1.0.11-0+deb11u1libde265-dev_1.0.11-0+deb11u1_mipsel.deb
Debian10amd64libde265-dev< 1.0.3-1+deb10u1libde265-dev_1.0.3-1+deb10u1_amd64.deb
Debian11amd64libde265-examples-dbgsym< 1.0.11-0+deb11u1libde265-examples-dbgsym_1.0.11-0+deb11u1_amd64.deb
Debian11ppc64ellibde265-0-dbgsym< 1.0.11-0+deb11u1libde265-0-dbgsym_1.0.11-0+deb11u1_ppc64el.deb
Debian11s390xlibde265-dev< 1.0.11-0+deb11u1libde265-dev_1.0.11-0+deb11u1_s390x.deb
Debian11armellibde265-0< 1.0.11-0+deb11u1libde265-0_1.0.11-0+deb11u1_armel.deb
Rows per page:
1-10 of 591

Related

nessus 5
openvas 5
osv 10
debiancve 6
prion 6
cnvd 6
nvd 6
ubuntucve 6
alpinelinux 6
veracode 6
cvelist 6
cve 6
cloudfoundry 1
ubuntu 2
debian 1
mageia 1
freebsd 1
nessus
nessus
Debian DLA-3240-1 : libde265 - LTS security update
2022-12-16 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : libde265 vulnerabilities (USN-6627-1)
2024-02-08 00:00:00
Debian DSA-5346-1 : libde265 - security update
2023-02-11 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3240-1)
2022-12-16 00:00:00
Ubuntu: Security Advisory (USN-6627-1)
2024-02-09 00:00:00
Mageia: Security Advisory (MGASA-2023-0093)
2023-03-28 00:00:00
osv
osv
libde265 - security update
2022-12-15 00:00:00
CVE-2021-36411
2022-01-10 23:15:09
CVE-2021-36409
2022-01-10 23:15:09
debiancve
debiancve
CVE-2021-36409
2022-01-10 23:15:09
CVE-2021-36411
2022-01-10 23:15:09
CVE-2021-36410
2022-01-10 23:15:09
prion
prion
Design/Logic Flaw
2022-01-10 23:15:00
Buffer overflow
2022-01-10 23:15:00
Stack overflow
2022-01-10 23:15:00
cnvd
cnvd
libde265 has an unspecified vulnerability
2022-01-13 00:00:00
libde265 Access Control Error Vulnerability
2022-01-13 00:00:00
libde265 buffer overflow vulnerability
2022-01-13 00:00:00
nvd
nvd
CVE-2021-36409
2022-01-10 23:15:09
CVE-2021-36411
2022-01-10 23:15:09
CVE-2021-36410
2022-01-10 23:15:09
ubuntucve
ubuntucve
CVE-2021-36411
2022-01-10 00:00:00
CVE-2021-36410
2022-01-10 00:00:00
CVE-2021-36408
2022-01-10 00:00:00
alpinelinux
alpinelinux
CVE-2021-36411
2022-01-10 23:15:09
CVE-2021-36410
2022-01-10 23:15:09
CVE-2021-36409
2022-01-10 23:15:00
veracode
veracode
Denial Of Service (DoS)
2022-01-12 03:41:57
Denial Of Service
2022-01-12 07:06:52
Use-After-Free
2022-01-12 06:36:30
cvelist
cvelist
CVE-2021-36410
2022-01-10 00:00:00
CVE-2021-36411
2022-01-10 00:00:00
CVE-2021-36409
2022-01-10 00:00:00
cve
cve
CVE-2021-36410
2022-01-10 23:15:09
CVE-2021-36409
2022-01-10 23:15:09
CVE-2021-36411
2022-01-10 23:15:09
cloudfoundry
cloudfoundry
USN-6627-1: libde265 vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
ubuntu
ubuntu
libde265 vulnerabilities
2024-02-08 00:00:00
libde265 vulnerabilities
2024-01-30 00:00:00
debian
debian
[SECURITY] [DSA 5346-1] libde265 security update
2023-02-10 19:38:07
mageia
mageia
Updated libde265 packages fix security vulnerability
2023-03-19 01:16:28
freebsd
freebsd
libde256 -- multiple vulnerabilities
2023-01-27 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.002

Percentile

56.8%

JSON
Related for DEBIAN:DLA-3240-1:DA04E
nessus5openvas5osv10debiancve6prion6cnvd6nvd6ubuntucve6alpinelinux6veracode6cvelist6cve6cloudfoundry1ubuntu2debian1mageia1freebsd1