Source: libde265
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for libde265.

CVE-2022-43243[0]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in
| sse-motion.cc. This vulnerability allows attackers to cause a Denial
| of Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/339

CVE-2022-43248[1]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_weighted_pred_avg_16_fallback in
| fallback-motion.cc. This vulnerability allows attackers to cause a
| Denial of Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/349

CVE-2022-43253[2]:
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
| vulnerability via put_unweighted_pred_16_fallback in
| fallback-motion.cc. This vulnerability allows attackers to cause a
| Denial of Service (DoS) via a crafted video file.

https://github.com/strukturag/libde265/issues/348

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43243
    https://www.cve.org/CVERecord?id=CVE-2022-43243
[1] https://security-tracker.debian.org/tracker/CVE-2022-43248
    https://www.cve.org/CVERecord?id=CVE-2022-43248
[2] https://security-tracker.debian.org/tracker/CVE-2022-43253
    https://www.cve.org/CVERecord?id=CVE-2022-43253

Please adjust the affected versions in the BTS as needed.