CVE-2026-49337

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.20

Description An issue in the h.265 video codec implementation allows a crafted sequence of H.265 NAL units to cause the decoder context::read slice NAL() function to attach slice headers to a finished picture object that lacks an active image unit. This leads to attacker-controlled unbounded heap growth, as the retained headers are not freed until the picture is released, which may not occur during continuous streaming.

Recommendations Update to version 1.0.20.