Debian X265 vulnerabilities

CVE-2017-13666 [MEDIUM] CVE-2017-13666: x265 - An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code ... An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. Scope: local bookworm: resolved bullseye: resolved forky: resol

CVE-2017-8906 [MEDIUM] CVE-2017-8906: x265 - An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code ... An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding. Scope: local bookworm: resolved bullseye: resol

CVE-2017-13135 [HIGH] CVE-2017-13135: x265 - A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and ... A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. Scope: local bookworm: resolved (fixed in 2.6-3) bullseye: resolved (fixed in 2.6-3) forky: resolved (fixed in 2.6-3) sid: resolved (fixed in 2.6-3) trixie: resolved (fixed in