Ubuntu Security Notice USN-6659-1

Ubuntu Security Notice 6659-1 - It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6659-1
February 26, 2024

libde265 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in libde265.

Software Description:

- libde265: Open H.265 video codec implementation

Details:

It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-43244, CVE-2022-43249,
CVE-2022-43250, CVE-2022-47665, CVE-2023-25221)

It was discovered that libde265 could be made to read out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2022-43245)

It was discovered that libde265 could be made to dereference invalid
memory. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. (CVE-2023-24751, CVE-2023-24752, CVE-2023-24754,
CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   libde265-0                      1.0.8-1ubuntu0.2

Ubuntu 20.04 LTS:
   libde265-0                      1.0.4-1ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libde265-0                      1.0.2-2ubuntu0.18.04.1~esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libde265-0                      1.0.2-2ubuntu0.16.04.1~esm3

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6659-1
   CVE-2022-43244, CVE-2022-43245, CVE-2022-43249, CVE-2022-43250,
   CVE-2022-47665, CVE-2023-24751, CVE-2023-24752, CVE-2023-24754,
   CVE-2023-24755, CVE-2023-24756, CVE-2023-24757, CVE-2023-24758,
   CVE-2023-25221

Package Information:
   https://launchpad.net/ubuntu/+source/libde265/1.0.8-1ubuntu0.2
   https://launchpad.net/ubuntu/+source/libde265/1.0.4-1ubuntu0.3

Related news

Gentoo Linux Security Advisory 202408-20

Gentoo Linux Security Advisory 202408-20 - Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.0.11 are affected.

CVE-2023-24755: NULL Pointer Dereference in function put_weighted_pred_8_fallback at fallback-motion.cc:69 · Issue #384 · strukturag/libde265

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24758: NULL Pointer Dereference in function ff_hevc_put_weighted_pred_avg_8_sse at sse-motion.cc:254 · Issue #383 · strukturag/libde265

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24757: NULL Pointer Dereference in function put_unweighted_pred_16_fallback at fallback-motion.cc:179 · Issue #385 · strukturag/libde265

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24752: NULL Pointer Dereference in function ff_hevc_put_hevc_epel_pixels_8_sse at sse-motion.cc:987 · Issue #378 · strukturag/libde265

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24751: NULL Pointer Dereference in function mc_chroma at motion.cc:244 · Issue #379 · strukturag/libde265

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-25221: heap-buffer-overflow in function derive_spatial_luma_vector_prediction at motion.cc:1894 · Issue #388 · strukturag/libde265

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

CVE-2023-24756: NULL Pointer Dereference in function ff_hevc_put_unweighted_pred_8_sse at sse-motion.cc:116 · Issue #380 · strukturag/libde265

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVE-2023-24754: NULL Pointer Dereference in function ff_hevc_put_weighted_pred_avg_8_sse at sse-motion.cc:237 · Issue #382 · strukturag/libde265

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

Debian Security Advisory 5346-1

Debian Linux Security Advisory 5346-1 - Multiple security issues were discovered in libde265, an implementation of the H.265 video codec which may result in denial of service and potentially the execution of arbitrary code if a malformed media file is processed.

CVE-2022-43245: SEGV sao.cc: in void apply_sao_internal<unsigned short> · Issue #352 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43250: Heap-buffer-overflow in fallback-motion.cc: in put_qpel_0_0_fallback_16 · Issue #346 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43249: Heap-buffer-overflow in fallback-motion.cc: void put_epel_hv_fallback<unsigned short>( · Issue #345 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

CVE-2022-43244: Heap-buffer-overflow in fallback-motion.cc: in void put_qpel_fallback<unsigned short> · Issue #342 · strukturag/libde265

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.
