Lucene search

[email protected]NVD:CVE-2023-24758

HistoryMar 01, 2023 - 3:15 p.m.

CVE-2023-24758

2023-03-0115:15:11

CWE-476

[email protected]

web.nvd.nist.gov

libde265 vulnerability

null pointer dereference

denial of service

crafted input file

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.8%

JSON

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

Affected configurations

NVD

Node

strukturlibde265Match1.0.10

Node

debiandebian_linuxMatch10.0

References

github.com/strukturag/libde265/issues/383

lists.debian.org/debian-lts-announce/2023/03/msg00004.html

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.8%

JSON

Related for NVD:CVE-2023-24758

cvelist1 debiancve1 veracode1 ubuntucve1 cve1 osv4 prion1 redos1 debian1 openvas4 nessus2 ubuntu1 cloudfoundry1 mageia1