libde265

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Open h.265 video codec implementation
Version	1.0.15-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2396	1.0.8-1	1.0.10-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2020-21606	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21605	AVG-2396	Low	Yes	Denial of service	libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted a file.
CVE-2020-21604	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.
CVE-2020-21603	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.
CVE-2020-21602	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21601	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.
CVE-2020-21600	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.
CVE-2020-21599	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
CVE-2020-21598	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
CVE-2020-21597	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
CVE-2020-21596	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVE-2020-21595	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
CVE-2020-21594	AVG-2396	Medium	Yes	Arbitrary code execution	libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.