PT-2023-4440 · Libde265+3
Jieyong Mao · Published 2023-01-30 · Updated 2024-02-26 · CVE-2023-25221
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Libde265 version 1.0.10
Description
The issue is a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc of the Libde265 video codec implementation. This vulnerability can be exploited to gain access to confidential data, compromise data integrity, and cause a denial of service.
Recommendations
For Libde265 version 1.0.10, update to version 1.0.11 to fix the security issues. As a temporary workaround, consider restricting access to the derive_spatial_luma_vector_prediction function in motion.cc until the update is applied.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Libde265
Linuxmint
Ubuntu