Blu3Sh0Rk

#10782of 53,630
25.6Total CVSS
Vulnerabilities · 3
High
3
PT-2023-21344
7.8
2023-03-15
Jpegoptim · Jpegoptim · CVE-2023-27781
**Name of the Vulnerable Software and Affected Versions** jpegoptim version 1.5.2 **Description** A heap overflow can occur with crafted JPEG image files, specifically in the `optimize` function at `jpegoptim.c`. This issue is related to the processing of JPEG images. **Recommendations** For jpegoptim version 1.5.2, consider avoiding the use of the `optimize` function until a patch is available. As a temporary workaround, restrict the processing of crafted JPEG image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2023-2355
10
2023-03-15
Libde265 · Libde265 · CVE-2023-27103
**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.11 **Description** The issue is related to a heap buffer overflow in the `derive collocated motion vectors` function at `motion.cc`. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Libde265 version 1.0.11, consider disabling the `derive collocated motion vectors` function as a temporary workaround until a patch is available. Restrict access to the `motion.cc` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-2356
7.8
2023-03-15
Libde265 · Libde265 · CVE-2023-27102
**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.11 **Description** The issue is related to a segmentation violation via the `decoder context::process slice segment header` function at decctx.cc. This vulnerability is associated with pointer dereference errors in the h.265 video codec implementation. Exploitation of this issue can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Libde265 version 1.0.11, as a temporary workaround, consider disabling the `decoder context::process slice segment header` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.