CVE-2020-21597

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libde265 version 1.0.4

Description The issue is related to a heap buffer overflow in the mc chroma function of the libde265 video codec implementation for h.265. This can be exploited by a remote attacker using a specially crafted file, leading to a denial of service. The mc chroma function is vulnerable to buffer overflow, which can be triggered via a crafted file.

Recommendations For libde265 version 1.0.4, consider disabling the mc chroma function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using crafted files that could trigger the buffer overflow in the mc chroma function until the issue is resolved.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2020-1410

BDU:2022-01745

CVE-2020-21597

DLA-3240-1

DLA-3280-1

DSA-5346-1

MGASA-2023-0093

USN-6617-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Libde265

CVE-2020-21597

Weakness Enumeration

Related Identifiers

Affected Products

References · 45