CVE-2023-24754

Name of the Vulnerable Software and Affected Versions libde265 version 1.0.10

Description The issue is related to a NULL pointer dereference in the ff hevc put weighted pred avg 8 sse function at sse-motion.cc. This allows attackers to cause a Denial of Service (DoS) via a crafted input file. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For libde265 version 1.0.10, update to version 1.0.11 to fix the security issue. As a temporary workaround, consider avoiding the use of the ff hevc put weighted pred avg 8 sse function until a patch is available. Restrict access to crafted input files to minimize the risk of exploitation.