Bug 2174861 (CVE-2023-24758) - CVE-2023-24758 libde265: NULL pointer dereference in ff_hevc_put_weighted_pred_avg_8_sse() in sse-motion.cc
Summary: CVE-2023-24758 libde265: NULL pointer dereference in ff_hevc_put_weighted_pre...
Keywords:
Status: NEW
Alias: CVE-2023-24758
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2174864
TreeView+ depends on / blocked
 
Reported: 2023-03-02 14:10 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-07-07 08:35 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-03-02 14:10:52 UTC
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

Reference:
https://github.com/strukturag/libde265/issues/383


Note You need to log in before you can comment on or make changes to this bug.