CVE-2020-21600

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libde265 version 1.0.4

Description The issue is related to a heap buffer overflow in the put weighted pred avg 16 fallback function of the libde265 video codec implementation. This can be exploited by a remote attacker using a specially crafted file, leading to a denial of service.

Recommendations For libde265 version 1.0.4, consider disabling the put weighted pred avg 16 fallback function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using crafted files that could trigger the heap buffer overflow in the affected function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-1410

BDU:2022-01747

CVE-2020-21600

DLA-3240-1

DSA-5346-1

MGASA-2023-0093

USN-6617-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Libde265

CVE-2020-21600

Weakness Enumeration

Related Identifiers

Affected Products

References · 44