PT-2021-7714 · Libde265+3 · Libde265+3

Dhbbb · Published 2021-06-24 · Updated 2025-01-28 · CVE-2021-36409

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libde265 version 1.0.8

Description

The issue is related to the insufficient use of the assert() function in the sps.cc component of the libde265 H.265 video codec implementation. This can be exploited by a remote attacker using a specially crafted file, potentially allowing access to confidential data, disrupting data integrity, and causing a denial of service. The vulnerability is triggered when decoding a file fails the `scaling_list_pred_matrix_id_delta==1` assertion at sps.cc:925.

Recommendations

For libde265 version 1.0.8, consider disabling the assert() function in the sps.cc component or restricting the use of the vulnerable video codec implementation until a patch is available. As a temporary workaround, avoid using the libde265 library with untrusted input files to minimize the risk of exploitation.

Exploit

Fix

DoS

Assertion Failure

Weakness Enumeration

Related Identifiers

BDU:2023-01695
CVE-2021-36409
DLA-3240-1
DSA-5346-1
MGASA-2023-0093
ROSA-SA-2025-2630
ROSA-SA-2025-2631
USN-6627-1

Affected Products

Astra Linux
Linuxmint
Ubuntu
Libde265