Package "libde265-dev"
Name: libde265-dev
Description: Open H.265 video codec implementation - development files
Latest version: 1.0.4-1ubuntu0.4
Release: focal (20.04)
Level: updates
Repository: universe
Head package: libde265
Homepage: https://github.com/strukturag/libde265
Changelog
libde265 (1.0.4-1ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: denial-of-service
- debian/patches/CVE-2023-27102.patch: check whether referenced
PPS exists.
- CVE-2023-27102
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-27103.patch: check for valid slice
header index access.
- CVE-2023-27103
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-43887.patch: fix buffer overflow via the
num_tile_columns and num_tile_row parameters in the function
pic_parameter_set::dump.
- CVE-2023-43887
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-47471.patch: check for null-pointer in
function slice_segment_header::dump_slice_segment_header.
- CVE-2023-47471
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-49465.patch: fix buffer overflow via the
derive_spatial_luma_vector_prediction function.
- CVE-2023-49465
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-49467.patch: prevent endless loop in
decode_ref_idx_lX function when numRefIdxLXActive is invalid.
- CVE-2023-49467
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-49468.patch: sanitize values if IPM is
uninitialized in get_IntraPredMode function.
- CVE-2023-49468
-- Fabian Toepfer <email address hidden> Fri, 01 Mar 2024 10:52:18 +0100
CVE-2023-27102
Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.
CVE-2023-27103
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.
CVE-2023-43887
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_paramet
CVE-2023-47471
Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header funct
CVE-2023-49465
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.
CVE-2023-49467
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at mo
CVE-2023-49468
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.

libde265 (1.0.4-1ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: read-out-of-bounds
- debian/patches/CVE-2022-43245.patch: fix illegal table access
when input pixel is out of range.
- CVE-2022-43245
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2022-43249.patch: checking in MC whether
bit-depths match.
- CVE-2022-43244
- CVE-2022-43249
- CVE-2022-43250
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2022-47665.patch: image's ctb_info has to be
reallocated also when dimensions change even if total number of
CTBs stays the same.
- CVE-2022-47665
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24751.patch: another MC fix for
monochrome images.
- CVE-2023-24751
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24752.patch: another MC fix for
monochrome images.
- CVE-2023-24752
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24754.patch: fix for monochrome MC.
- CVE-2023-24754
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-24755.patch: fix for monochrome MC.
- CVE-2023-24755
- CVE-2023-24756
- CVE-2023-24757
- CVE-2023-24758
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2023-25221.patch: check for invalid refIdx.
- CVE-2023-25221
* Add patches:
- d/p/check-for-negative-q-values-in-invalid-input-streams.patch
-- Fabian Toepfer <email address hidden> Wed, 14 Feb 2024 20:39:49 +0100
CVE-2022-43245
Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attack
CVE-2022-43249
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This v
CVE-2022-43244
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vuln
CVE-2022-43250
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability
CVE-2022-47665
Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
CVE-2023-24751
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to
CVE-2023-24752
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulne
CVE-2023-24754
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vuln
CVE-2023-24755
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulner
CVE-2023-24756
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulner
CVE-2023-24757
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vul
CVE-2023-24758
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vuln
CVE-2023-25221
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

libde265 (1.0.4-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: denial-of-service
- debian/patches/CVE-2021-35452.patch: fix check for valid PPS idx.
- CVE-2021-35452
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2021-36409.patch: fix assertion when reading
invalid scaling_list.
- CVE-2021-36409
* SECURITY UPDATE: stack-buffer-overflow
- debian/patches/CVE-2021-36410.patch: fix MC with HDR chroma, but
SDR luma.
- CVE-2021-36410
* SECURITY UPDATE: read-out-of-bounds
- debian/patches/CVE-2021-36411.patch: fix reading invalid images
where shdr references are NULL in part of the image.
- CVE-2021-36411
* SECURITY UPDATE: stack-buffer-overflow
- debian/patches/CVE-2022-43236.patch: check that image bit-depth
matches SPS bit depth.
- CVE-2022-43235
- CVE-2022-43236
- CVE-2022-43248
- CVE-2022-43253
* SECURITY UPDATE: stack-buffer-overflow
- debian/patches/CVE-2022-43237.patch: check that image chroma
format matches the SPS chroma format.
- CVE-2022-43237
- CVE-2022-43243
- CVE-2022-43252
* SECURITY UPDATE: read-out-of-bounds
- debian/patches/CVE-2022-43238.patch: check that image size
matches sps.
- CVE-2022-43238
- CVE-2022-43239
- CVE-2022-43240
- CVE-2022-43241
- CVE-2022-43242
* Add d/p/fix-invalid-memory-access-after-unavailable-reference-frame-insertion.patch
-- Fabian Toepfer <email address hidden> Tue, 06 Feb 2024 16:51:20 +0100
CVE-2021-35452
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
CVE-2021-36409
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to ca
CVE-2021-36410
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
CVE-2021-36411
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength
CVE-2022-43236
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vul
CVE-2022-43235
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerab
CVE-2022-43248
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vuln
CVE-2022-43253
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulner
CVE-2022-43237
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc.
CVE-2022-43243
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnera
CVE-2022-43252
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability all
CVE-2022-43238
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attacker
CVE-2022-43239
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows
CVE-2022-43240
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerabi
CVE-2022-43241
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers
CVE-2022-43242
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows att

libde265 (1.0.4-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow vulnerability
- debian/patches/CVE-2020-21596.patch: initialize newly created
CABAC model table.
- CVE-2020-21596
* SECURITY UPDATE: heap buffer overflow vulnerability
- debian/patches/CVE-2020-21605.patch: return error when PCM bits
parameter exceeds pixel depth.
- CVE-2020-21595
- CVE-2020-21599
- CVE-2020-21600
- CVE-2020-21601
- CVE-2020-21602
- CVE-2020-21603
- CVE-2020-21604
- CVE-2020-21605
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2021-36408: fix streams where SPS image
size changes without refreshing PPS.
- CVE-2020-21597
- CVE-2020-21598
- CVE-2020-21606
- CVE-2021-36408
-- Fabian Toepfer <email address hidden> Fri, 26 Jan 2024 20:57:57 +0100
CVE-2020-21596
libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.
CVE-2020-21605
libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file.
CVE-2020-21595
libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file.
CVE-2020-21599
libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file.
CVE-2020-21600
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file.
CVE-2020-21601
libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file.
CVE-2020-21602
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file.
CVE-2020-21603
libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file.
CVE-2020-21604
libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file.
CVE-2021-36408
An issue was discovered in libde265 v1.0.8. There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
CVE-2020-21597
libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.
CVE-2020-21598
libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.
CVE-2020-21606
libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file.