CVE-2020-21602

Name of the Vulnerable Software and Affected Versions libde265 version 1.0.4

Description The issue is related to a heap buffer overflow in the put weighted bipred 16 fallback function of the libde265 video codec implementation. This can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For libde265 version 1.0.4, consider disabling the put weighted bipred 16 fallback function as a temporary workaround until a patch is available. Restrict the use of crafted files that could exploit this issue to minimize the risk of service disruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.