Fdu-Sec

**Name of the Vulnerable Software and Affected Versions** libheif version 1.17.5 **Description** The issue is related to a segmentation violation in the `UncompressedImageCodec::get luma bits per pixel from configuration unci()` function of the libheif decoder and encoder. This could allow a remote attacker to cause a denial of service. **Recommendations** For libheif version 1.17.5, consider disabling the `UncompressedImageCodec::get luma bits per pixel from configuration unci()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libheif version 1.17.5 **Description** The issue is related to a segmentation violation in the `UncompressedImageCodec::decode uncompressed image()` function. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For libheif version 1.17.5, consider disabling the `UncompressedImageCodec::decode uncompressed image()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libheif version 1.17.5 **Description** The issue is related to a segmentation error in the `find exif tag()` function of the libheif decoder and encoder for file formats. Exploitation of this issue could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by a segmentation violation via the `find exif tag()` function at `/libheif/exif.cc`. **Recommendations** For libheif version 1.17.5, as a temporary workaround, consider disabling the `find exif tag()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libheif version 1.17.5 **Description** The issue is related to a segmentation error in the /libheif/exif.cc component of the libheif decoder and encoder for file formats. Exploitation of this issue could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The component /libheif/exif.cc is specifically mentioned as the source of the segmentation violation. **Recommendations** For libheif version 1.17.5, consider disabling the /libheif/exif.cc component as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.14 **Description** The issue is related to a global buffer overflow vulnerability in the `read coding unit` function at `slice.cc`. This vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Libde265 version 1.0.14, consider disabling the `read coding unit` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.14 **Description** The issue is related to a heap-buffer-overflow vulnerability in the `derive spatial luma vector prediction` function. This vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the Libde265 video codec implementation of the h.265 standard. **Recommendations** For Libde265 version 1.0.14, consider disabling the `derive spatial luma vector prediction` function as a temporary workaround until a patch is available. Restrict access to the `motion.cc` file to minimize the risk of exploitation. Avoid using the vulnerable function in the affected video codec implementation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.14 **Description** The issue is related to a heap-buffer-overflow vulnerability in the `derive combined bipredictive merging candidates` function at `motion.cc`. This vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Libde265 version 1.0.14, consider disabling the `derive combined bipredictive merging candidates` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libde265 versions 1.0.8 **Description** The issue is related to a heap-buffer-overflow in the `ff hevc put hevc epel pixels 8 sse` function, which can be exploited by attackers to cause a Denial of Service (DoS) via a crafted video file. This vulnerability is associated with the Libde265 video codec implementation. **Recommendations** For Libde265 version 1.0.8, update to version 1.0.11 to fix the security issue. As a temporary workaround, consider disabling the `ff hevc put hevc epel pixels 8 sse` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Libde265 version 1.0.8 **Description** The issue is related to a heap-buffer-overflow vulnerability in the `put epel 16 fallback()` function of the Libde265 video codec implementation for h.265. This vulnerability can be exploited by a remote attacker using a specially crafted video file, potentially leading to a Denial of Service (DoS). The vulnerability is caused by the `put epel 16 fallback()` function in `fallback-motion.cc`. **Recommendations** For Libde265 version 1.0.8, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider restricting the use of the `put epel 16 fallback()` function in `fallback-motion.cc` until a patch is available. Avoid using crafted video files that could exploit this vulnerability.