CVE-2024-38949 — Heap-based Buffer Overflow in Libde265

CWE-122 — Heap-based Buffer Overflow4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 67.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Struktur Libde265 Debian Libde265

Timeline

PublishedJun 26

Description

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libde265

▶NVDstruktur/libde2651.0.15

🔴Vulnerability Details

GHSA

GHSA-w54f-vq4c-7637: Heap Buffer Overflow vulnerability in Libde265 v1↗2024-06-26

▶

OSV

CVE-2024-38949: Heap Buffer Overflow vulnerability in Libde265 v1↗2024-06-26

▶

📋Vendor Advisories

Debian

CVE-2024-38949: libde265 - Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash...↗2024

▶