2189944 – (CVE-2023-27102, CVE-2023-27103) CVE-2023-27102 CVE-2023-27103 libde265: multiple vulnerabilities

Bug 2189944 (CVE-2023-27102, CVE-2023-27103) - CVE-2023-27102 CVE-2023-27103 libde265: multiple vulnerabilities

Summary: CVE-2023-27102 CVE-2023-27103 libde265: multiple vulnerabilities

Keywords:
Status:	NEW
Alias:	CVE-2023-27102, CVE-2023-27103
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2189910
TreeView+	depends on / blocked

Reported:	2023-04-26 14:16 UTC by juneau
Modified:	2023-08-10 18:21 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Libde265 v1.0.11, which contains a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. This issue can cause a denial of service. See https://github.com/strukturag/libde265/issues/393 for more information. Libde265 v1.0.11 also contains a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc that may lead to a denial of service and remote code execution. See https://github.com/strukturag/libde265/issues/394 for more information.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description juneau 2023-04-26 14:16:12 UTC

CVE-2023-27102 (https://github.com/strukturag/libde265/issues/393):
Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.

CVE-2023-27103 (https://github.com/strukturag/libde265/issues/394):
Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

Fixed on master.

Note You need to log in before you can comment on or make changes to this bug.