PT-2023-1846 · Libde265+4 · Libde265+4

Jieyong Mao

Publicado

2023-01-28

Atualizado

2024-02-26

CVE-2023-24751

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libde265 version 1.0.10

Description The issue is related to a NULL pointer dereference in the mc chroma function at motion.cc in the libde265 video codec implementation. This allows an attacker to cause a Denial of Service (DoS) via a crafted input file. The exploitation of this issue can be done remotely.

Recommendations For libde265 version 1.0.10, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider restricting the use of the mc chroma function in motion.cc to minimize the risk of exploitation. Avoid using crafted input files that could trigger the NULL pointer dereference in the mc chroma function until the issue is resolved.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

BDU:2023-01445

CVE-2023-24751

DLA-3352-1

DSA-5346-1

MGASA-2023-0093

USN-6659-1

Produtos afetados

Astra Linux

Linuxmint

Red Os

Ubuntu

Libde265

PT-2023-1846 · Libde265+4 · Libde265+4

CVE-2023-24751

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 41