UbuntuUpdates.org

Package "libde265-examples"

Name: libde265-examples

Description:

Open H.265 video codec implementation - examples
Latest version: 1.0.8-1ubuntu0.3
Release: jammy (22.04)
Level: security
Repository: universe
Head package: libde265
Homepage: https://github.com/strukturag/libde265

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libde265-examples"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libde265-examples" in Jammy

Repository Area Version
base universe 1.0.8-1
updates universe 1.0.8-1ubuntu0.3

Changelog

Version: 1.0.8-1ubuntu0.3 2024-03-05 20:06:53 UTC

  libde265 (1.0.8-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2023-27102.patch: check whether referenced
      PPS exists.
    - CVE-2023-27102
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-27103.patch: check for valid slice
      header index access.
    - CVE-2023-27103
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-43887.patch: fix buffer overflow via the
      num_tile_columns and num_tile_row parameters in the function
      pic_parameter_set::dump.
    - CVE-2023-43887
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-47471.patch: check for null-pointer in
      functon slice_segment_header::dump_slice_segment_header.
    - CVE-2023-47471
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-49465.patch: fix buffer overflow via the
      derive_spatial_luma_vector_prediction function.
    - CVE-2023-49465
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-49467.patch: prevent endless loop in
      decode_ref_idx_lX function when numRefIdxLXActive is invalid.
    - CVE-2023-49467
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-49468.patch: sanitize values if IPM is
      uninitialized in get_IntraPredMode function.
    - CVE-2023-49468

 -- Fabian Toepfer <email address hidden> Fri, 01 Mar 2024 10:51:23 +0100
Source diff to previous version
CVE-2023-27102 Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.
CVE-2023-27103 Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.
CVE-2023-43887 Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_paramet
CVE-2023-47471 Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header funct
CVE-2023-49465 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.
CVE-2023-49467 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at mo
CVE-2023-49468 Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.

Version: 1.0.8-1ubuntu0.2 2024-02-26 21:06:49 UTC

  libde265 (1.0.8-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2022-43245.patch: fix illegal table access
      when input pixel is out of range.
    - CVE-2022-43245
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2022-43249.patch: checking in MC whether
      bit-depths match.
    - CVE-2022-43244
    - CVE-2022-43249
    - CVE-2022-43250
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2022-47665.patch: image's ctb_info has to be
      reallocated also when dimensions change even if total number of
      CTBs stays the same.
    - CVE-2022-47665
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24751.patch: another MC fix for
      monochroma images.
    - CVE-2023-24751
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24752.patch: another MC fix for
      monochroma images.
    - CVE-2023-24752
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24754.patch: fix for monochrome MC.
    - CVE-2023-24754
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-24755.patch: fix for monochrome MC.
    - CVE-2023-24755
    - CVE-2023-24756
    - CVE-2023-24757
    - CVE-2023-24758
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2023-25221.patch: check for invalid refIdx.
    - CVE-2023-25221
  * Add patches:
    - debian/patches/mc-for-mono-images.patch

 -- Fabian Toepfer <email address hidden> Wed, 14 Feb 2024 20:24:21 +0100
Source diff to previous version
CVE-2022-43245 Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attack
CVE-2022-43249 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This v
CVE-2022-43244 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vuln
CVE-2022-43250 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability
CVE-2022-47665 Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
CVE-2023-24751 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to
CVE-2023-24752 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulne
CVE-2023-24754 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vuln
CVE-2023-24755 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulner
CVE-2023-24756 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulner
CVE-2023-24757 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vul
CVE-2023-24758 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vuln
CVE-2023-25221 Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

Version: 1.0.8-1ubuntu0.1 2024-02-08 16:06:48 UTC

  libde265 (1.0.8-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2021-35452.patch: fix check for valid PPS idx.
    - CVE-2021-35452
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2021-36408.patch: fix streams where SPS image
      size changes without refreshing PPS.
    - CVE-2021-36408
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2021-36409.patch: fix assertion when reading
      invalid scaling_list.
    - CVE-2021-36409
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2021-36410.patch: fix MC with HDR chroma, but
      SDR luma.
    - CVE-2021-36410
  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2021-36411.patch: fix reading invalid images
      where shdr references are NULL in part of the image.
    - CVE-2021-36411
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2022-1253.patch: error on out-of-range
      cpb_cnt_minus1.
    - CVE-2022-1253
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2022-43236.patch: check that image bit-depth
      matches SPS bit depth.
    - CVE-2022-43235
    - CVE-2022-43236
    - CVE-2022-43248
    - CVE-2022-43253
  * SECURITY UPDATE: stack-buffer-overflow
    - debian/patches/CVE-2022-43237.patch: check that image chroma
      format matches the SPS chroma format.
    - CVE-2022-43237
    - CVE-2022-43243
    - CVE-2022-43252
  * SECURITY UPDATE: read-out-of-bounds
    - debian/patches/CVE-2022-43238.patch: check that image size
      matches sps.
    - CVE-2022-43238
    - CVE-2022-43239
    - CVE-2022-43240
    - CVE-2022-43241
    - CVE-2022-43242

 -- Fabian Toepfer <email address hidden> Tue, 06 Feb 2024 16:52:09 +0100
CVE-2021-35452 An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
CVE-2021-36408 An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.
CVE-2021-36409 There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to ca
CVE-2021-36410 A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.
CVE-2021-36411 An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength
CVE-2022-1253 Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c3
CVE-2022-43236 Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vul
CVE-2022-43235 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerab
CVE-2022-43248 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vuln
CVE-2022-43253 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulner
CVE-2022-43237 Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc.
CVE-2022-43243 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnera
CVE-2022-43252 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability all
CVE-2022-43238 Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attacker
CVE-2022-43239 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows
CVE-2022-43240 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerabi
CVE-2022-43241 Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers
CVE-2022-43242 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows att


About   -   Send Feedback to @ubuntu_updates