PT-2023-4440 · Libde265+3 · Libde265+3

Jieyong Mao · Published 2023-01-30 · Updated 2024-02-26 · CVE-2023-25221

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Libde265 version 1.0.10

Description

The issue is related to a heap-buffer-overflow vulnerability in the derive spatial luma vector prediction function in motion.cc of the Libde265 video codec implementation. This vulnerability can be exploited to gain access to confidential data, compromise data integrity, and cause a denial of service.

Recommendations

For Libde265 version 1.0.10, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider restricting access to the derive spatial luma vector prediction function in motion.cc until the update is applied.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-04826
CVE-2023-25221
DLA-3352-1
DSA-5346-1
MGASA-2023-0093
USN-6659-1

Affected Products

Astra Linux
Libde265
Linuxmint
Ubuntu