AVG-2396 log

Package libde265
Status Fixed
Severity Medium
Type multiple issues
Affected 1.0.8-1
Fixed 1.0.10-1
Current 1.0.15-3 [extra-testing]
1.0.15-2 [extra]
Ticket None
Created Fri Sep 17 08:34:30 2021
Advisory Pending
Issue Severity Remote Type Description
CVE-2020-21606 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file.
CVE-2020-21605 Low Yes Denial of service
libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file.
CVE-2020-21604 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file.
CVE-2020-21603 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file.
CVE-2020-21602 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file.
CVE-2020-21601 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file.
CVE-2020-21600 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file.
CVE-2020-21599 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file.
CVE-2020-21598 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.
CVE-2020-21597 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file.
CVE-2020-21596 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file.
CVE-2020-21595 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file.
CVE-2020-21594 Medium Yes Arbitrary code execution
libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file.