AVG-2396 log

Package	libde265
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	1.0.8-1
Fixed	1.0.10-1
Current	1.0.15-1 [extra]
Ticket	None
Created	Fri Sep 17 08:34:30 2021
Advisory	Pending

Issue	Severity	Remote	Type	Description
CVE-2020-21606	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21605	Low	Yes	Denial of service	libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.
CVE-2020-21604	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.
CVE-2020-21603	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.
CVE-2020-21602	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21601	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.
CVE-2020-21600	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21599	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
CVE-2020-21598	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
CVE-2020-21597	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
CVE-2020-21596	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVE-2020-21595	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
CVE-2020-21594	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.