CVE-2026-33164 — Heap-based Buffer Overflow in Libde265
Severity
8.7HIGHNVD
EPSS
0.1%
top 81.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 20
Description
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Packages4 packages
🔴Vulnerability Details
1📋Vendor Advisories
1Debian▶
CVE-2026-33164: libde265 - libde265 is an open source implementation of the h.265 video codec. Prior to ver...↗2026