PT-2023-9040 · Libde265+4
Frank-Z7 · Published 2023-11-22 · Updated 2026-04-16 · CVE-2023-51792
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libde265 version 1.0.12
Description
The issue is a buffer overflow in the libde265 video codec implementation, in which an allocation size exceeds the maximum supported size of 0x10000000000. An attacker can exploit it to cause a denial of service. Exploitation does not require local access; a remote attacker can also trigger the issue.
Recommendations
For libde265 version 1.0.12, consider applying a patch or update that fixes the buffer overflow issue, if available. As a temporary workaround, restrict the allocation size to prevent it from exceeding the maximum supported size of 0x10000000000.
DoS · Stack Overflow · Buffer Overflow
Related Identifiers
Affected Products
Debian
Linuxmint
Red Os
Ubuntu
Libde265