
A libde265 security update has been released for Debian GNU/Linux 10 LTS to address multiple issues.



[SECURITY] [DLA 3676-1] libde265 security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3676-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : libde265
Version : 1.0.11-0+deb10u5
CVE ID : CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471

Multiple issues were found in libde265, an open source implementation of the H.265 video codec.

CVE-2023-27102

NULL pointer dereference in function decoder_context::process_slice_segment_header
at decctx.cc.

CVE-2023-27103

Heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

CVE-2023-43887

Multiple buffer overflows via the num_tile_columns and num_tile_row parameters in
the function pic_parameter_set::dump.

CVE-2023-47471

Buffer overflow vulnerability in strukturag may cause a denial of service via
the slice_segment_header function in the slice.cc component.

For Debian 10 buster, these problems have been fixed in version
1.0.11-0+deb10u5.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS