Struktur Libde265 vulnerabilities

CVE-2026-33164 [HIGH] CWE-122 CVE-2026-33164: libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malfo libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.

CVE-2026-33165 [MEDIUM] CWE-787 CVE-2026-33165: libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a craft libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay constant but Log2CtbSizeY changes, causing set_SliceHe

CVE-2025-61147 [MEDIUM] CWE-120 CVE-2025-61147: strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component d strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().

CVE-2025-29482 [MEDIUM] CVE-2025-29482: Buffer Overflow vulnerability in libheif 1 Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.

CVE-2024-38949 [MEDIUM] CWE-122 CVE-2024-38949: Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc

CVE-2024-38950 [MEDIUM] CWE-122 CVE-2024-38950: Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.

CVE-2023-51792 [LOW] CVE-2023-51792: Buffer Overflow vulnerability in libde265 v1 Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.

CVE-2023-49468 [HIGH] CWE-787 CVE-2023-49468: Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.

CVE-2023-49467 [HIGH] CWE-787 CVE-2023-49467: Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combin Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.

CVE-2023-49465 [HIGH] CWE-787 CVE-2023-49465: Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatia Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.

CVE-2023-43887 [HIGH] CWE-120 CVE-2023-43887: Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and nu Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

CVE-2023-47471 [MEDIUM] CWE-120 CVE-2023-47471: Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a den Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.

CVE-2023-27103 [HIGH] CWE-787 CVE-2023-27103: Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

CVE-2023-27102 [MEDIUM] CWE-476 CVE-2023-27102: Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.

CVE-2022-47665 [HIGH] CWE-787 CVE-2022-47665: Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, in Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)

CVE-2022-47664 [HIGH] CWE-120 CVE-2022-47664: Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse

CVE-2023-25221 [HIGH] CWE-787 CVE-2023-25221: Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatia Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

CVE-2023-24755 [MEDIUM] CWE-476 CVE-2023-24755: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fal libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24757 [MEDIUM] CWE-476 CVE-2023-24757: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_ libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24751 [MEDIUM] CWE-476 CVE-2023-24751: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at m libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.