PT-2022-6474 · Libde265+3
Dhbbbo
Published: 2022-01-10 · Updated: 2025-01-28
CVE-2021-36411
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libde265 version 1.0.8
Description
The issue is related to incorrect access control in the derive_boundaryStrength function of the deblock.cc component in the libde265 video codec implementation. A READ memory access error in derive_boundaryStrength causes a segmentation fault and application crash, leading to a remote denial of service.
Recommendations
For libde265 version 1.0.8, update to version 1.0.11 to fix the security issue. As a temporary workaround, consider restricting access to the derive_boundaryStrength function of deblock.cc to minimize the risk of exploitation.
Exploit
Fix
DoS
Out of bounds Read
Improper Resource Release
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Ubuntu
Libde265