Lucene search

K

Veracode Vulnerability DatabaseVERACODE:46603

HistoryApr 24, 2024 - 7:20 a.m.

Denial Of Service (DoS)

2024-04-2407:20:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

denial of service

vulnerability

buffer overflow

memory allocation

image.cc

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

High

EPSS

0

Percentile

15.5%

strukturag/libde265 is vulnerable to Denial of Service (DoS). The vulnerability is caused due to a lack of proper bounds checking when calculating memory allocation sizes within image.cc. An attacker could manipulate the values to exceed the intended dimensions, leading to a buffer overflow and potentially a Denial of Service (DoS).

References

github.com/strukturag/libde265

github.com/strukturag/libde265/commit/221e767136b8c46c748ae35b79ec9b976b3da301

github.com/strukturag/libde265/issues/427

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

High

EPSS

0

Percentile

15.5%

Related for VERACODE:46603

cvelist1 cve1 vulnrichment1 ubuntucve1 debiancve1 ubuntu1 nvd1 osv1 nessus4 redos1 openvas4