[SECURITY] [DLA 3676-1] libde265 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3676-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libde265
Version        : 1.0.11-0+deb10u5
CVE ID         : CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471

Multiple issues were found in libde265, an open source implementation of the
H.265 video codec.

CVE-2023-27102

    NULL pointer dereference in function
    decoder_context::process_slice_segment_header at decctx.cc.

CVE-2023-27103

    Heap buffer overflow via the function derive_collocated_motion_vectors
    at motion.cc.

CVE-2023-43887

    Multiple buffer overflows via the num_tile_columns and num_tile_row
    parameters in the function pic_parameter_set::dump.

CVE-2023-47471

    Buffer overflow vulnerability in strukturag may cause a denial of
    service via the slice_segment_header function in the slice.cc component.

For Debian 10 buster, these problems have been fixed in version
1.0.11-0+deb10u5.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

A libde265 security update has been released for Debian GNU/Linux 10 LTS to address multiple issues.
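
To check an inventory against the fixed version above, the following added example (not part of the advisory or of any Debian tooling) reimplements Debian's version ordering so it runs without dpkg and lists libde265 packages older than 1.0.11-0+deb10u5. The package names and versions in SAMPLE are constructed, and the "package version" input format is an assumption.

```python
import re

FIXED_VERSION = "1.0.11-0+deb10u5"  # fixed version for Debian 10 buster, per the advisory

def _sign(x, y):
    return (x > y) - (x < y)

def _order(ch):
    """dpkg weight of a non-digit character; '' stands for end of string."""
    if ch in ("", "~"):
        return -1 if ch else 0  # tilde sorts before everything, even the end
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters before symbols

def _cmp_part(a, b):
    """Compare upstream or revision strings, alternating non-digit and digit runs."""
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        n = max(len(na), len(nb))
        wa, wb = ([_order(s[i:i + 1]) for i in range(n)] for s in (na, nb))
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        if wa != wb or int(da or 0) != int(db or 0):
            return _sign(wa, wb) or _sign(int(da or 0), int(db or 0))
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    """Split into (epoch, upstream, revision); a missing epoch or revision counts as 0."""
    head, sep, tail = version.partition(":")
    epoch, rest = (head, tail) if sep else ("0", version)
    head, sep, tail = rest.rpartition("-")
    upstream, revision = (head, tail) if sep else (rest, "0")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return _sign(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated(inventory, fixed=FIXED_VERSION):
    """Return (package, version) pairs from 'package version' lines that predate the fix."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [(p, v) for p, v in rows
            if p.startswith("libde265") and compare_versions(v, fixed) < 0]

# Constructed sample in the shape of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """libde265-0 1.0.11-0+deb10u4
libde265-dev 1.0.11-0+deb10u5
libde265-examples 1.0.3-1"""
```

A plain string comparison would rank 1.0.3 above 1.0.11, which is why the numeric runs are compared as integers; on a Debian host, `dpkg --compare-versions` remains the authoritative check.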